
Community News:
Serious phpBB Vulnerability
Sep 11, 2003 @ 12:30:13

Just a quick and very important note for anyone out there using the phpBB software:

We've been notified about a vulnerability in phpBB 2.0.6 (which also affects 2.0.4 and 2.0.5). The fix is noted below but please note the text that follows it. A change was made to the way bbcode url matching is achieved around phpBB 2.0.4. This was done following complaints that our existing methods, as used in earlier releases of phpBB, were too restrictive. Unfortunately the match went from too restrictive to too loose. This allows people to "break out" of the anchor href and insert arbitrary markup, particularly event handling parameters. This can result in anything from "nuisance" posts to people exploiting cross-site issues to grab cookie data.

They are deeming this exploit serious and advise that all users using 2.0.4 through 2.0.6 apply the following fix.
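
The fix itself is not reproduced on this page. As an added illustration of the "too restrictive to too loose" match the announcement describes, the sketch below puts a loose `[url=...]` pattern next to a stricter one; it is not phpBB's code or its patch, and the function names, both patterns and the sample posts are constructed assumptions.

```php
<?php
// Added illustration. Patterns, function names and the sample posts are
// constructed assumptions, not phpBB's code or its patch.

// Too loose: '.+?' lets a double quote through, and the value lands in href as-is.
function render_url_loose(string $post): string
{
    $safe = htmlspecialchars($post, ENT_NOQUOTES, 'UTF-8'); // escapes < > & only
    return preg_replace('#\[url=(.+?)\](.+?)\[/url\]#is', '<a href="$1">$2</a>', $safe);
}

// Stricter: escape everything first, then only build a link from a URL that has
// an allowlisted scheme and no character able to end the attribute or the tag.
function render_url_strict(string $post): string
{
    $safe = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '#\[url=([^\]\s]+)\](.+?)\[/url\]#is',
        function (array $m): string {
            $url = htmlspecialchars_decode($m[1], ENT_QUOTES);
            if (!preg_match('#^(?:https?|ftp)://[^\s"\'<>]+$#i', $url)) {
                return $m[0]; // leave the tag as inert, already-escaped text
            }
            return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
                 . $m[2] . '</a>';
        },
        $safe
    );
}

// Constructed sample posts: one ordinary link, one with a quote in the URL part.
$posts = [
    '[url=http://www.example.com/?a=1&b=2]ordinary link[/url]',
    '[url=http://www.example.com/" onmouseover="alert(1)]breakout attempt[/url]',
];
foreach ($posts as $post) {
    echo "input : $post\n";
    echo "loose : " . render_url_loose($post) . "\n";
    echo "strict: " . render_url_strict($post) . "\n\n";
}
```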
