Just saw the announcement on Slashdot by the Hardened-PHP Project. The vulnerabilities include pack(), unpack(), safe_mode_exec_dir bypass in multithreaded PHP, realpath() and unserialize().
Web 2.0 : Social Media : Virtual Worlds
PHP
PHP Vulnerabilities Announced
© 2004 MetaverseDeveloper. 
Discussion
No comments for “PHP Vulnerabilities Announced”