In the first week of this month, a Zend Framework vulnerability was found in Magento. This security issue is serious. It allows an attacker to read any file on a web server where the Zend XMLRPC functionality is enabled. This might include password files, configuration files, and possibly even databases if they are stored on the same machine as the Magento web server.
To resolve the Zend Framework vulnerability, MagentoCommerce has provided security patches for the Community, Enterprise and Professional Editions, which should be applied as soon as possible.
Magento Enterprise Edition and Professional Edition merchants:
You may access the Zend Security Upgrade patch from Patches & Support for your product in the Downloads section of your Magento account. Account log-in is required.
Magento Community Edition merchants:
You can apply this patch using either of two methods:
1) Via SSH (Command line)
2) Without SSH (Applying the patch by replacing the file)
Applying the patch via SSH
Here is an example of how to apply the patch file via SSH for a 1.4 store:
cd /home/mystore/public_html
wget -qO - http://www.magentocommerce.com/downloads/assets/220.127.116.11/CE_18.104.22.168-22.214.171.124.patch | patch -p0
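Piping the download straight into patch means a truncated download or a version mismatch can leave the store half-patched. The script below is an added example, not part of the original post or of Magento's instructions: it assumes GNU patch and a patch file that has already been saved to disk, and the function name apply_patch_safely is hypothetical. It checks every hunk with a dry run and changes files only if the whole patch applies cleanly.

```shell
#!/usr/bin/env bash
# Added example (not Magento's own tooling). Assumes GNU patch.
# Usage: apply_patch_safely <store_root> <patch_file>
# Returns: 0 = patch applied
#          1 = store root or patch file missing
#          2 = dry run failed (wrong version, already applied, or
#              damaged download); no file was modified
apply_patch_safely() {
    store_root=$1
    patch_file=$2

    [ -d "$store_root" ] && [ -f "$patch_file" ] || return 1

    # Make the patch path absolute, because we change directory below.
    case $patch_file in
        /*) ;;
        *)  patch_file="$PWD/$patch_file" ;;
    esac

    (
        # -p0 paths in the patch are relative to the store root.
        cd "$store_root" || exit 1

        # --dry-run tests every hunk without writing anything.
        # --forward refuses a patch that looks already applied
        # instead of offering to reverse it.
        if ! patch -p0 --forward --dry-run < "$patch_file" >/dev/null 2>&1
        then
            exit 2
        fi

        # Real run: -b keeps a .orig copy of each changed file so the
        # change can be reviewed or rolled back.
        patch -p0 --forward -b < "$patch_file" >/dev/null
    )
}

# Allow use as a script: ./apply_patch.sh /home/mystore/public_html fix.patch
if [ "$#" -eq 2 ]; then
    apply_patch_safely "$1" "$2"
fi
```

Remove the .orig backup files from the web root once the patched store has been verified.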
Always use the latest version of Magento.