CVE-2007-1484

The arrayuserkeycompare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zvaldtor, which triggers memory corruption and allows local users to bypass safemode and execute arbitrary code via a certain unset operation after arrayuserkeycompare has been called...

security flaw

zendhashdelkeyorindex in zendhash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zendhashdel to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations...