DOOMLA: The wave of compromised OS X Server installations starts in 3...2...1...

Apple's Open Source download page has a new featured package that is guaranteed to raise the profile of Mac OS X Server on the list of exploited servers: Joomla!, or, as I'm starting to call it, DOOM-LA.

If you don't know why Joomla is veritable DOOMLA for any server, just have a look at the list of known (known!) exploits:

2008-02-23     Joomla Component simple shop 2.0 SQL Injection Vulnerability     
2008-02-20     Joomla Component com_hwdvideoshare SQL Injection Vulnerability     
2008-02-18     Joomla Component com_clasifier (cat_id) SQL Injection Vulnerability
2008-02-18     Joomla Component com_pccookbook (user_id) SQL Injection Vulnerability
2008-02-18     Joomla Component astatsPRO 1.0 refer.php SQL Injection Vulnerability 
2008-02-16     Joomla Component com_galeria Remote SQL Injection Vulnerability
2008-02-16     Joomla Component jooget <= 2.6.8 Remote SQL Injection Vulnerability
2008-02-14     Joomla Component mediaslide (albumnum) Blind SQL Injection Exploit
2008-02-14     Joomla Component Quiz <= 0.81 (tid) SQL Injection Vulnerability
2008-02-14     Joomla Component MCQuiz 0.9 Final (tid) SQL Injection Vulnerability
2008-02-14     Joomla Component paxxgallery 0.2 (iid) SQL Injection Vulnerability
2008-02-13     Joomla Component xfaq 1.2 (aid) Remote SQL Injection Vulnerability 
2008-02-12     Joomla Component pcchess <= 0.8 Remote SQL Injection Vulnerability
2008-02-12     Joomla Component rapidrecipe <= 1.6.5 SQL Injection Vulnerability
2008-02-08     Joomla Component NeoGallery 1.1 SQL Injection Vulnerability
2008-02-07     Joomla Component com_noticias 1.0 SQL Injection Vulnerability
2008-02-07     Joomla Component com_doc Remote SQL Injection Vulnerability
2008-02-06     Joomla Component Ynews 1.0.0 (id) Remote SQL Injection Vulnerability
2008-02-03     Joomla Component Marketplace 1.1.1 SQL Injection Vulnerability
2008-02-03     Joomla Component mosDirectory 2.3.2 (catid) SQL Injection Vulnerability
2008-02-01     Joomla Component NeoReferences 1.3.1 (catid) SQL Injection Vuln

And that's just since February 2008. Yeah. Mac OS X is DOOM-LA'ed. Thanks, Apple!
