security flaw
mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents...
CVE-2005-1392
The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script...
CVE-2005-0884
DigitalHive 2.0 allows remote attackers to re-install the product by directly accessing the install script...
CVE-2005-1392
CVE-2005-1392 : In phpMyAdmin 2.6.2, the SQL install script is created with world-readable permissions, enabling a local attacker to read the initial pma password from the script. Affected software: phpMyAdmin 2.6.2 (initial password stored for the pma user). Impact: local confidentiality breach ...
CVE-2005-0884
CVE-2005-0884 (DigitalHive 2.0) is described across NVD and CVE records as a remote-access issue where an attacker can re-install the product by directly accessing the install script. The connected documents confirm the affected product (DigitalHive 2.0) and the described attack vector, but do no...
Comersus Default Install Script Admin Access
Binary data 2554.prm...
PostNuke 0.7x - Install Script Administrator Password Disclosure
source: https://www.securityfocus.com/bid/10793/info It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an...
PostNuke 0.7x - Install Script Administrator Password Disclosure
PostNuke 0.7x - Install Script Administrator Password Disclosure source: https://www.securityfocus.com/bid/10793/info It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the...
CVE-2003-0304
one||zero aka One or Zero Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php Helpdesk Installation script...
OneOrZero Helpdesk 1.4 - 'install.php' Administrative Access
source: https://www.securityfocus.com/bid/7611/info OneOrZero Helpdesk has been reported prone to an issue that may result in an attacker obtaining unauthorized administrative access. The issue presents itself due to a programming error in a Helpdesk script. Reportedly a script does not...
Oracle 8 - oratclsh Suid
Oracle 8 - oratclsh Suid source: https://www.securityfocus.com/bid/159/info Oracle8 is an enterprise level database. As part of the Internet Agent option installation process it installs the file $ORACLE_HOME/bin/oratclsh as suid root. oratclsh is a TCL application that provides full access to TCL...