
09.01.2009, 17:59
Forum member
Registered: 08.05.2007
Posts: 164
Time on forum: 466673
Reputation: 784
WordPress can be subject to delayed attacks via cookies.

Attack: Denial of Service
Required cookies: GLOBALS=<anything>
Triggering file: index.php (just an example; basically any file including the affected file)
Affected file: wp-settings.php
Effect: no request is processed, as it aborts because of the presence of GLOBALS in $_REQUEST

Attack: Deletion of users
Required cookies: action=dodelete, delete_option=delete, users[]=n (where n is an integer)
Triggering file: wp-admin/users.php
Affected file: wp-admin/users.php
Note: this doesn't affect etch's version, as it correctly uses $_POST

Attack: Denial of Service
Required cookies: action=logout
Triggering file: wp-login.php
Affected file: wp-login.php
Effect: redirection loop, preventing the user from logging in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771
http://trac.wordpress.org/ticket/8814
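The common root of all three reports above is that `$_REQUEST` merges GET, POST and COOKIE data, so a cookie named `action` or `GLOBALS` is indistinguishable from a form field to code that dispatches on `$_REQUEST`. The following is an added example, not code from the forum post, the Debian bug or WordPress itself: a miniature dispatcher in the vulnerable `$_REQUEST` form next to the `$_POST`-plus-nonce form the note about etch's version refers to. The function names, the nonce value and the cookie set are constructed for illustration.

```php
<?php
// Added example (hypothetical names); run from the CLI with: php cookie_dispatch.php
// The superglobals are simulated with constructed arrays so it runs offline.

declare(strict_types=1);

// Vulnerable pattern: $_REQUEST merges GET, POST and COOKIE (the exact mix is
// governed by PHP's request_order / variables_order ini directives). A cookie
// named "action" lands in this array exactly like a submitted form field.
function dispatch_vulnerable(array $request): string
{
    if (isset($request['GLOBALS'])) {
        // Mimics an anti-register_globals guard: any request carrying a
        // GLOBALS key is aborted, so one stray cookie kills every page load.
        return 'aborted: GLOBALS present';
    }
    if (($request['action'] ?? '') === 'dodelete' && !empty($request['users'])) {
        return 'deleted users ' . implode(',', $request['users']);
    }
    return 'no-op';
}

// Hardened pattern: state-changing actions are read from $_POST only (cookies
// can never populate $_POST) and must carry a nonce tied to the logged-in
// session, compared in constant time. hash_equals() exists since PHP 5.6.
function dispatch_hardened(array $post, string $expected_nonce): string
{
    $action = $post['action'] ?? '';
    $nonce  = $post['_wpnonce'] ?? '';
    if ($action === 'dodelete' && !empty($post['users'])
        && hash_equals($expected_nonce, $nonce)) {
        return 'deleted users ' . implode(',', $post['users']);
    }
    return 'no-op';
}

// Constructed request: the browser sends only cookies and no form body. This is
// what a victim's browser does on every later page load once the cookies are
// set, which is why the post calls these "delayed" attacks.
$cookie  = ['action' => 'dodelete', 'delete_option' => 'delete', 'users' => ['7']];
$post    = [];
$request = array_merge($post, $cookie);   // what $_REQUEST holds under a "GPC" order

echo 'vulnerable: ', dispatch_vulnerable($request), PHP_EOL;
echo 'hardened:   ', dispatch_hardened($post, 'constructed-nonce'), PHP_EOL;

// The GLOBALS case: a single cookie named GLOBALS makes the vulnerable
// dispatcher abort, while the hardened one never looks at cookies at all.
echo 'vulnerable: ', dispatch_vulnerable(['GLOBALS' => '1']), PHP_EOL;
echo 'hardened:   ', dispatch_hardened([], 'constructed-nonce'), PHP_EOL;
```

Two defender-side notes. Reading `$_POST` instead of `$_REQUEST` is the application-level fix; in WordPress the nonce half of the hardened function corresponds to `wp_verify_nonce()`. As defence in depth, PHP's `request_order` ini directive (for example `request_order = "GP"`) keeps cookies out of `$_REQUEST` entirely, so any leftover `$_REQUEST` consumer in plugins or themes cannot be steered by cookie values either; it does not, however, fix code that reads `$_COOKIE` directly.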