Lucene search
K
ApachefriendsXampp

13 matches found

CVE
CVE
added 2020/04/02 5:44 p.m.161 views

CVE-2020-11107

CVE-2020-11107 affects XAMPP on Windows prior to 7.2.29, 7.3.x prior to 7.3.16, and 7.4.x prior to 7.4.4. An unprivileged user can modify the xampp-control.ini configuration file to enable arbitrary command execution for all users (including admins). The root cause relates to insecure permission/...

8.8CVSS8.8AI score0.2247EPSS
CVE
CVE
added 2019/07/09 5:8 p.m.102 views

CVE-2019-8920

CVE-2019-8920 is described as an XSS in iart.php of XAMPP 1.7.0, related to CVE-2008-3569. Connected documents show CVE-2008-3569 detailing XSS vulnerabilities in XAMPP 1.6.7 via iart.php and ming.php, indicating a pattern of reflected/script injection in iart.php across XAMPP versions. The provi...

6.1CVSS6.2AI score0.03037EPSS
CVE
CVE
added 2024/02/02 9:13 a.m.92 views

CVE-2024-0338

CVE-2024-0338 describes a buffer overflow in XAMPP up to version 8.2.4, where an attacker could execute arbitrary code via a long file debug argument that controls the Structured Exception Handler (SEH). Affected product: XAMPP (≤ 8.2.4); root cause: SEH-related overflow in the debug argument han...

9.8CVSS9.7AI score0.00465EPSS
CVE
CVE
added 2022/05/23 8:16 p.m.83 views

CVE-2022-29376

CVE-2022-29376 concerns Xampp for Windows, affected in version 8.1.4 and below. The root issue is insecure permissions on the install directory, which could let an attacker overwrite binaries and execute arbitrary code. The NVD entry notes high-severity impact (CVSSv3.1: 8.8, network attack, no u...

8.8CVSS9AI score0.01194EPSS
CVE
CVE
added 2019/05/14 3:46 p.m.77 views

CVE-2019-8923

CVE-2019-8923 affects XAMPP 5.6.8 and earlier. The vulnerability is a SQL injection in the cds-fpdf.php jahr parameter, allowing remote input-based database querying due to insufficient input validation. Impact is listed as high to critical in sources (NVD CVSS 2.0/3.0), with potential for unauth...

9.8CVSS9.8AI score0.03903EPSS
CVE
CVE
added 2019/05/17 1:6 a.m.75 views

CVE-2019-8924

CVE-2019-8924 affects XAMPP for Windows up to version 5.6.8, with a Cross‑Site Scripting (XSS) vulnerability in the cds-fpdf.php script. The vulnerability is triggered via the interpret or titel parameters, allowing script injection in affected deployments. The associated documents consistently n...

6.1CVSS7.3AI score0.05665EPSS
CVE
CVE
added 2022/06/09 10:35 p.m.67 views

CVE-2017-20018

CVE-2017-20018 affects XAMPP 7.1.1-0-VC14, with the vulnerability in the Installer component involving an unknown function. The manipulation can lead to privilege escalation, and remote exploitation is possible. The connected documents do not provide concrete patch/version remediation details; ex...

7.8CVSS6.9AI score0.00595EPSS
CVE
CVE
added 2009/03/16 7:0 p.m.66 views

CVE-2009-0919

The CVE-2009-0919 entry describes insecure default credentials in XAMPP bundles, enabling remote access through (1) lampp/default password for the nobody account in ProFTPD, (2) a blank root password in the included MySQL installation, and (3) a blank pma password in phpMyAdmin, among potentially...

7.5CVSS9.4AI score0.06809EPSS
CVE
CVE
added 2014/09/29 10:0 p.m.66 views

CVE-2013-2586

CVE-2013-2586 affects XAMPP 1.8.1. The /xampp/lang.php page fails to restrict access, letting an unauthenticated user write to lang.tmp on local disk and trigger XSS via WriteIntoLocalDisk. Multiple sources (NVD/OpenVAS/Exploit-DB/Seebug) corroborate remote write access and local file modificatio...

4.3CVSS5.8AI score0.0521EPSS
Web
CVE
CVE
added 2023/09/12 12:0 a.m.64 views

CVE-2022-47637

CVE-2022-47637 affects the XAMPP Windows installer up to and including version 8.1.12. The installer allows local users to write to the C:\xampp directory, enabling potential execution of files under C:\xampp with administrative privileges. The Red Hat/PRION/PT-security entries corroborate the sa...

6.7CVSS6.5AI score0.00239EPSS
CVE
CVE
added 2009/03/20 12:0 a.m.53 views

CVE-2008-6498

XAMPP 1.6.8 is affected by a CSRF vulnerability in security/xamppsecurity.php that lets an attacker hijack the user’s authenticated session to change the .htaccess password via the xampppasswd parameter. This vulnerability is identified as CVE-2008-6498. Public references in the provided document...

6.8CVSS7.4AI score0.01049EPSS
Web
CVE
CVE
added 2009/03/20 12:0 a.m.53 views

CVE-2008-6499

CVE-2008-6499 affects XAMPP 1.6.8, where security/xamppsecurity.php performs an extract operation on the SERVER superglobal. This allows remote attackers to spoof critical variables, demonstrated by altering REMOTE_ADDR to 127.0.0.1. The root cause is improper handling of server variables during ...

5.5CVSS6.8AI score0.01556EPSS
Web
CVE
CVE
added 2006/09/26 1:43 a.m.51 views

CVE-2006-4994

The CVE-2006-4994 issue affects Apache Friends XAMPP 1.5.2 and is caused by unquoted Windows search paths in the launcher/executables. When a malicious program is placed under %SYSTEMDRIVE% and an executable (FileZillaServer.exe, mysqld-nt.exe, Perl.exe, or xamppcontrol.exe) is invoked with an un...

4.6CVSS7.4AI score0.00368EPSS