Month of PHP Bugs already started, and there is until today 11 Bugs posted. The goal is to make PHP more secure and make people and developers aware of insecurities in the language. Day by day vulnerabilities vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed, and I think that Stefan have the list ready to go for the full month, maybe more.
- PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability
- PHP Executor Deep Recursion Stack Overflow
- PHP Variable Destructor Deep Recursion Stack Overflow
- PHP 4 unserialize() ZVAL Reference Counter Overflow
- PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability
- Zend Platform Insecure File Permission Local Root Vulnerability
- Zend Platform ini_modifier Local Root Vulnerability
- PHP 4 phpinfo() XSS Vulnerability (Deja-vu)
- PHP wddx_deserialize() String Append Buffer Overflow Vulnerability
- PHP php_binary Session Deserialization Information Leak Vulnerability
- PHP WDDX Session Deserialization Information Leak Vulnerability
