Searching install software vulnerabilities

The Microsoft Active Setup ActiveX component in

manufacturer | software's | components | component | Microsoft | prompting | attacker | software | Explorer | Internet | without | stating | ActiveX | install | remote | Active | allows | Setup | user |

The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.


Helix GNOME Updater helix-update 0.5 and earlie

/tmp/helix-install | helix-update | installation | installing | arbitrary | directory | packages | creating | earlier | Updater | install | before | allows | Helix | begun | users | local | GNOME | root | RPM | has |

Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.


The default permissions for the MTS Package Adm

Administration | Transaction | permissions | arbitrary | Microsoft | registry | install | default | Package | Windows | modify | Server | allows | users | local | MTS | key |

The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities.


Gator ActiveX component (IEGator.dll) 3.0.6.1 a

component | ActiveX | Gator |

Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites to install arbitrary software by specifying a Trojan Gator installation file (setup.ex_) in the src parameter.


The installation procedure for Invision Board s

installation | information | phpinfophp | sensitive | procedure | pathnames | settings | Invision | suggests | absolute | install | program | leaks | users | Board | under | which | root | such | PHP | web |

The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.


The "ICQ Features on Demand" functionality for

functionality | authenticity | attackers | arbitrary | Mirabilis | upgrades | properly | Features | spoofing | software | install | Demand" | attack | remote | allows | verify | 2003a | which | does | "ICQ | ICQ | via | not | Pro |

The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.


The maketemp.pl script in Usermin 1.070 and 1.0

maketemppl | Usermin | script |

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.


Mozilla before 1.7, Firefox before 0.9, and Thu

interactive | Thunderbird | extensions | manipulate | arbitrary | XPInstall | Security | Firefox | Mozilla | install | events | dialog | before | remote | sites | using | allow | box | web |

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.


The install scripts in SugarCRM Sugar Sales 2.0

administrative | installation | attackers | cleartext | changing | password | SugarCRM | database | settings | default | scripts | install | removed | earlier | service | allows | denial | obtain | cause | Sugar | after | Sales | MySQL | which | 201c | form | not |

The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.


Mac OS X 10.3.9 and earlier allows users to ins

Mac |

Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts.


The SQL install script in phpMyAdmin 2.6.2 is c

phpMyAdmin | install | script | SQL |

The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.


Dashboard in Apple Mac OS X 10.4.1 allows remot

Dashboard | Apple | Mac |

Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933.


mysql_install_db in MySQL 4.1.x before 4.1.12 a

mysql_install_db | before | MySQL | 41x |

mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.


Mason before 1.0.0 does not install the init sc

before | Mason |

Mason before 1.0.0 does not install the init script after the user uses Mason to configure a firewall, which causes the system to run without a firewall after a reboot.


The installer for Gallery 2.0 before 2.0.2 stor

installer | Gallery | before |

The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.


Directory traversal vulnerability in LinPHA 1.0

vulnerability | arbitrary | attackers | traversal | Directory | include | LinPHA | allows | remote | files | via |

Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.


Directory traversal vulnerability in Gallery 2.

vulnerability | traversal | Directory | Gallery |

Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.


Unspecified vulnerability in CA eTrust Antiviru

vulnerability | Unspecified | Antivirus | WebScan | before | eTrust |

Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files.


** DISPUTED ** PHP remote file inclusion vulner

vulnerability | installphp | inclusion | DISPUTED | CS-Cart | remote | file | PHP |

** DISPUTED ** PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties dispute this vulnerability because install_dir is defined before use.


PHP remote file inclusion vulnerability in inst

install/indexphp | vulnerability | attackers | inclusion | parameter | arbitrary | execute | LoveCMS | remote | allows | step | code | file | PHP | via | URL |

PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.


Software vulnerabilities results 1 to 20 of 71     
Page: 1234