phphpbb2 + php version < 4.3.10 unserialize() memory dump sql password from config.php exploit

php bug in ext/standart/varunserializer.c in php 4.3.10 for dump php heap memory with phpbb2 ,who use unserialize for cookie , and found the config.phpsql password in the heap. you need http://overdose.tcpteam.org/serv.h and http://overdose.tcpteam.org/serv.cpp for compile / coded by overdose...

vpopmail weak permissions

/etc/vpopmail.conf file with cleartext SQL password is world readable...

Missing admin sql password in Okena StormWatch

Hi! I was working with Okena StormWatch1 - a really interesting commercial intrusion prevention product - and saw that there is the SQL password for the admin account sa missing. With a SQL client and a blank password it's possible for everyone who can connect to the manager to compromise the who...

twlc advisory: all versions of php nuke are vulnerable...

twlc security divison 24/09/2001 Php nuke BUGGED. Found by: LucisFero and supergate ./twlc Summary This time the bug is really dangerous...it allows you to 'cp' any file on the box... or even upload files... Systems Affected all the versions ARE vulnerable except '5.0 RC1' i wonder why a released...