PHP security group, the Hardened-PHP Project, reported today that PHP 4.x and 5.x were at risk from a number of vulnerabilities that could lead to denial of service attacks (define) against Web sites.
Other potential risks: Cross Site Scripting attacks and other security bypass vulnerabilities that could have allowed a malicious user unauthorized system access.