The Philips VOIP841 DECT cordless phone with an embedded Skype client suffers from a hidden administrative interface with a default login, directory traversal, and cross site scripting vulnerabilities.
Local stack overflow exploit for the gkrellweather plugin version 0.2.7 that works with gkrellm version 2.2.9. Note that this is a proof of concept and only escalates privileges if the binary is setuid or spawned with sudo. By default, this binary is not normally setuid.
An input validation problem in JSPWiki allows the execution of arbitrary local .jsp files. Cross site scripting vulnerabilities also exist. Versions 2.4.104 and 2.5.139 are vulnerable. Earlier versions may also be susceptible.