CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-6498 – XAMPP 1.7.2 - Change Administrative Password
https://notcve.org/view.php?id=CVE-2008-6498
20 Mar 2009 — Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter. La vulnerabilidad de tipo cross-site request forgery (CSRF) en el archivo security/xamppsecurity.php en XAMPP versión 1.6.8, permite a los atacantes remotos secuestrar la autenticación de usuarios para las peticiones que cambian una determinada contraseña de .htaccess por... • https://www.exploit-db.com/exploits/10391 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 1%CPEs: 109EXPL: 0CVE-2009-0919
https://notcve.org/view.php?id=CVE-2009-0919
16 Mar 2009 — XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK... • http://ptk.dflabs.com/security.html • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4994
https://notcve.org/view.php?id=CVE-2006-4994
26 Sep 2006 — Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname. Múltiples vulnerabilidades de ruta de búsqueda Windows no entrecomillada en Apache Friends XAMPP 1.5.2 permite a usuarios locales obtener privilegios mediante un fichero... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046218.html •