John Cox's blog has a new post today wrapping up some of the security tidbits from this past week.
I have been traveling most of this week, but there appear to have been a few exploits posted during this time. I see three new security notices on Cacti:
- The first, against Cacti, is the most interesting: a remote command execution exploit. Unfortunately, the advisory's authors did not provide example injection code to learn from.
- punBB had a published exploit which, on its surface, does not appear that disconcerting. Still, combined with uploaded avatars, it can produce an interesting effect: "PunBB supports uploadable avatar pictures and therefore a potential attacker could register with the forum and upload a picture with evil PHP code appended to it."
- Paul Jones reported a YaWiki XSS exploit affecting the comment templates.
He wraps up with a pointer to Ilia Alshanetsky's blog post about some of the phpBB banning that has been happening...