There were, about a month ago or so, a lot of eXoops defacements. Looking a bit into it, it was seen that the problem was in the gallery module; the problem was also found on certain versions of Gallery and sites were also being hacked through it.
That time the systems hacked into were Linux and FreeBSD (iirc).
It basically works by combination:
First you find a simple exploit on a web application (i.e. Gallery) and use it to gain write and execute privileges on a site.
Then you dump some local OS exploit (i.e. Linux's kernel do_brk overflow) and try it hoping the system's not patched or updated.
Oh, and by the way... there's also a small annoying detail: if you're on a shared host (as many of us are), you may have good security yourself, but if they gain access to the system from someone else's web application, you're busted too... because they run these stupid competitions or whatever and they count how many sites they deface, so when they get access to a system, they tend to deface all the sites on that server.
The thing is, all this is readily found on the net (looking in the right places) and can be put into practice with just some basic knowledge. So almost any bored kid can come by this and try it 'just for fun'.
I guess the conclusion is: be aware, do try to secure your application, and pester your hosting service as much as necessary to make them take patches seriously.