sudoedit as found in sudo versions 1.7.2p5 and below fails to verify the path of the executable and therefore allows for an easy to exploit local privilege escalation vulnerability.
The cross site scripting / input validation vulnerability in Apache OFBiz can also be leveraged to run arbitrary SQL commands. This archive has two javascript proof of concepts inside.