TYPO3 developers warn of critical hole
The TYPO3 developer team has warned that a critical hole in the TYPO3 Content Management System (CMS) potentially allows attackers to compromise a server. Insufficient checking of the AbstractController.php file's BACK_PATH parameter enables attackers to upload and execute arbitrary PHP scripts (Remote File Inclusion). The developers have been informed that attackers are already trying to intrude into users' servers on a large scale.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump