PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password.
http://www.securityfocus.com/bid/1557
http://pccs-linux.com/public/view.php3?bn=agora_pccslinux&key=965951324
http://archives.neohapsis.com/archives/bugtraq/2000-08/0015.html