PHP-Nuke <= 5.4 - Path Disclosure via File Parameter
index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.
Ikonboard 3.0.1 - Stored Cross-Site Scripting via IMG Tag
Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote attackers to execute arbitrary script as other Ikonboard users and steal cookies via Javascript in an IMG tag.