CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5055 – Vulnerability of uncontrolled resource consumption in XAMPP
https://notcve.org/view.php?id=CVE-2024-5055
17 May 2024 — Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes. Vulnerabilidad de consumo descontrolado de recursos en XAMPP Windows, versiones 7.3.2 y anteriores. Esta vulnerabilidad existe cuando XAMPP intenta procesar muchas solicitudes HTTP incompletas, lo que provoca consumo de recursos y fallos del sistema. • https://www.incibe.es/en/incibe-cert/notices/aviso/vulnerability-uncontrolled-resource-consumption-xampp • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0338 – Buffer Overflow Vulnerability in XAMPP
https://notcve.org/view.php?id=CVE-2024-0338
02 Feb 2024 — A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH). Se encontró una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en XAMPP que afecta a la versión 8.2.4 y anteriores. Un atacante podría ejecutar código arbitrario a través de un argumento de depuración de archivo largo que controla el controlador de excepciones estruc... • https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-xampp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1CVE-2022-47637
https://notcve.org/view.php?id=CVE-2022-47637
12 Sep 2023 — The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges. El instalador en XAMPP hasta 8.1.12 permite a los usuarios locales escribir en el directorio C:\xampp. Los casos de uso comunes ejecutan archivos en C:\xampp con privilegios administrativos. • https://shinnai.altervista.org/exploits/DVRT-2023-0001_CVE-2022-47637.pdf • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20018 – XAMPP Installer uncontrolled search path
https://notcve.org/view.php?id=CVE-2017-20018
09 Jun 2022 — A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely. • https://packetstormsecurity.com/files/142406/xampp-dllhijack.txt • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-29376
https://notcve.org/view.php?id=CVE-2022-29376
23 May 2022 — Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. Se ha detectado que Xampp para Windows versiones v8.1.4 y anteriores, contiene permisos no seguros para su directorio de instalación, lo que permite a atacantes ejecutar código arbitrario por medio de la escritura excesiva de binarios ubicados en el directorio • https://github.com/ycdxsb/Vuln/blob/main/Xampp-Install-Dir-Incorrect-Default-Permission/Xampp-Install-Dir-Incorrect-Default-Permission.md • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 5CVE-2020-11107 – XAMPP 7.4.3 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-11107
02 Apr 2020 — An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution. Se detectó un problema en XAMPP versiones anteriores a 7.2.29, versiones 7.3.x anteriores a 7.3.16 y versiones 7.4.x anteriores a 7.4.4 en Windows. Un usuario no privilegiado puede cambiar una configuración de .exe en xampp-contol.ini para todos los usuarios (in... • https://packetstorm.news/files/id/164292 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8920
https://notcve.org/view.php?id=CVE-2019-8920
09 Jul 2019 — iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. En el archivo iart.php en XAMPP versión 1.7.0, presenta una vulnerabilidad de tipo XSS, un problema relacionado con el CVE-2008-3569. • http://www.securityfocus.com/bid/109120 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 4CVE-2019-8924 – XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-8924
19 Feb 2019 — XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued. XAMPP a través de la versión 5.6.8 permite una vulnerabilidad de XSS por medio del archivo cds-fpdf.php en el parámetro interpret o titel. NOTA: Este producto está suspendido. XAMPP version 5.6.8 suffers from cross site scripting and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/151756 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 3CVE-2019-8923 – XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-8923
19 Feb 2019 — XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued. En XAMPP hasta la versión 5.6.8 y anterior, permite la inyección de SQL por medio del parámetro cds-fpdf.php jahr. NOTA: Este producto está descatalogado. XAMPP version 5.6.8 suffers from cross site scripting and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/151756 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 6CVE-2013-2586 – XAMPP 1.8.1 - 'lang.php?WriteIntoLocalDisk method' Local Write Access
https://notcve.org/view.php?id=CVE-2013-2586
26 Sep 2013 — XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method. XAMPP 1.8.1 no restringe debidamente el acceso a xampp/lang.php, lo que permite a atacantes remotos modificar xampp/lang.tmp y ejecutar ataques de XSS a través del método WriteIntoLocalDisk. XAMPP version 1.8.1 allows an unprivileged user the ability to write to the local disk. • https://packetstorm.news/files/id/123407 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •