It seems fairly obvious but the classic phpbb_root_path vulnerability is present in products such as: Omegaboard, Cerulean Portal System, phpBB Tweaked, Hailboards, EclipseBB and Xero Portal.  All are affected by the vulnerability exposed by having register_globals set to "on."  It appears that it is being regularly exploited as well to deface systems.
www.heise-security.co.uk/news/84732
Thanks for the lead Juergen!