51 matches found
EUVD-2025-12379
Malicious code in bioql PyPI...
EUVD-2023-59374
Malicious code in bioql PyPI...
PT-2025-22936 · Unknown · Pixelimity
Name of the Vulnerable Software and Affected Versions: Pixelimity version 1.0 Description: A critical issue was found in the Installation component, specifically in the /install/index.php file. The manipulation of the site description argument leads to SQL injection. This issue can be exploited...
CVE-2023-21858
Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite component: Installation. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Collaborative...
CVE-2023-21969
Vulnerability in Oracle SQL Developer component: Installation. Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer...
CVE-2021-2147
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Installation. The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit execut...
CVE-2021-2041
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Installation. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2020-7472
An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. This...
CVE-2011-4898
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a...
BIT-JOOMLA-2021-26038 [20210704] - Core - Privilege escalation through com_installer
An issue was discovered in Joomla! 2.5.0 through 3.9.27. The install action in com_installer lacks the required hardcoded ACL checks for superusers. A default system is not affected because the default ACL for com_installer is limited to super users already...
PT-2024-38289 · Point B · Getscreen Agent
Name of the Vulnerable Software and Affected Versions: Point B Ltd Getscreen Agent version 2.19.6 Description: A critical issue was found in the Installation component of the software, specifically in the getscreen.msi file, which leads to the creation of a temporary file with insecure permission...
CVE-2024-1705
A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely...
CVE-2024-1705 Shopwind Installation DefaultController.php actionCreate code injection
A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely...
PT-2024-18238 · Shopwind · Shopwind
Name of the Vulnerable Software and Affected Versions: Shopwind versions up to 4.6 Description: A critical issue affects the actionCreate function of the /public/install/controllers/DefaultController.php file in the Installation component, leading to code injection. The attack can be initiated...
Privilege escalation
In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package...
CVE-2024-0219 Privilege Elevation via Telerik JustDecompile Installer
In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation...
PT-2024-1336 · Oracle · Oracle Agile Product Lifecycle Management For Process
Name of the Vulnerable Software and Affected Versions: Oracle Agile Product Lifecycle Management for Process versions prior to 6.2.4.2 Description: The issue is related to insufficient input validation in the Installation component of the Oracle Agile Product Lifecycle Management for Process...
CVE-2023-7193
A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The...
Improper access control
A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The...
PT-2023-2666 · Oracle · Oracle Sql Developer
Name of the Vulnerable Software and Affected Versions: Oracle SQL Developer versions prior to 23.1.0 Description: The issue is related to insufficient input validation in the Installation component of Oracle SQL Developer, allowing a high-privileged attacker with logon to the infrastructure where...