Hi!
The security problem mentioned in the Secunia advice is unrelated to the problem you're describing later. The header injection was fixed in DokuWiki-2006-11-06 and was
reported in the bugtracker back then.
The real problem seems to be that spammers use open Wikis to upload spammy HTML with the mediamanager. Recent devel releases (I'm not sure about 2006-11-06) don't allow to upload HTML by default and all the links in the mentioned forum use a .txt extension. This means visiting these links will result in the HTML being displayed in raw text instead of being rendered, so from a spammers perspective this seems to be stupid.
So this is
not a security breach but more of a misconfiguration of the Wiki.
To make sure spammers can't upload text or HTML files remove the html and txt extensions from conf/mime.conf
I will remove the .txt extension from future releases default mime.conf.
Andi
PS: Please always report security problems in the bugtracker or mailing list.
PPS: Looking at the second post in the provided forum link it seems that TWiki suffers from the same spam attack.