The Joomla security team have released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4. Browser information is not filtered properly while saving the session values into the database which leads to a remote code execution vulnerability.
Upgrade to Joomla! CMS version 3.4.6. If you are using the old (unsupported) versions 1.5.x and 2.5.x, you have to apply the hotfixes listed in the Web references section.