CVE-2005-1078

CVE-2005-1078 affects XAMPP 1.4.x with multiple default or null passwords. The underlying issue is default credentials in the XAMPP installation, allowing an attacker to gain privileges (attack vector: network; authentication: none; impact: partial confidentiality, integrity, and availability). T...

CVE-2005-1077

CVE-2005-1077 concerns XSS vulnerabilities in XAMPP 1.4.x , allowing remote attackers to inject arbitrary script/HTML via the endpoints cds.php , Guestbook-EN.pl , or phonebook.php . The NVD entry lists a Medium base score (4.3) with network attack vector and no authentication needed, but the doc...

CVE-2007-2079

The CVE-2007-2079 issue affects XAMPP 1.6.0a and earlier on Windows, where ADONewConnection::Connect in adodb.php uses an untrusted hostname input. This can trigger a library buffer overflow in mssql_connect/mssql_pconnect scenarios and allow arbitrary code execution by passing a long host parame...

CVE-2007-2080

CVE-2007-2080 involves multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows. The root cause is unspecified SQL injections in test scripts that allow remote attackers to execute arbitrary SQL commands. Affected product is XAMPP on Windows; impact is partial confidentiality, integrity...

CVE-2005-2043

CVE-2005-2043 affects XAMPP prior to 1.4.14, where a directory traversal via lang.php allows remote attackers to inject arbitrary HTML and PHP code. This is a server-side input handling flaw in the XAMPP package, enabling code injection through the vulnerable script. The available documents do no...