Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.
For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email firstname.lastname@example.org.
See the other latest 6 security threads. They’re looking for a weakness in Zend’s way of using controllers. Magento hasn’t been keen to address it but we’ve been looking at ways to prevent these from working. There are htaccess rules (see my thread) as well as an index.php hack that stops this in its track.