Anyone get the PowerDNN email recently? I've not seen anything in the forums about it yet but wondering if the core team is aware and working on it?

Yes, I have one of my sites hosted with them and received the email this morning.

As of Yesterday evening at 9:47PM US Central Time, the PowerDNN Engineering Team, discovered two Hyper-Critical security flaws in the standard DotNetNuke Framework.  If left unpatched, these security flaws would allow any website visitor to alter your web.config file as well as remotely execute SQL scripts against your database.  Since last night, our entire engineering team has been working around the clock to create patches for all affected versions of DotNetNuke.  As of 7:42PM US Central Time, these patches have been created and deployed to all PowerDNN customers.

Yeah, I was hesitating on posting too many details to the forums yet but since PowerDNN isn't giving any details no one seems to be sure of anything. I'm currently ftp'ing one of my sites down to look for modified dates. The only other options seem to be running a netowrk scanner on a site and then scanning it with their tool or doing a complete backup before paying them the $20 to patch it and see what they changed. I would hope they are communicating with the core team on this. Would be really $hitty to keep it to themselves and charge for fixing it.