Recently in Security Category
Under certain circumstances, a user who has "Create Entries" or "Manage Blog" permissions may be able to read known files on the local file system.
That is bad, as it would allow a potential attacker to read things like configuration files, which may contain passwords or other sensitive information.
This comes just days after Six Apart announced a security upgrade for all Movable Type versions. The most likely scenario is that someone reverse-engineered the security fixes to discover which vulnerabilities were patched and then exploited them.
PBS.org was owned via a 0day we discovered in mt4 aka MoveableType 4