
CVSS: 9.8 • EPSS: 1% • CPEs: 109 • EXPL: 0

16 Mar 2009 — XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK... • http://ptk.dflabs.com/security.html • CWE-255: Credentials Management Errors

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Oct 2008 — Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/32134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

10 Aug 2008 — Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php. • https://www.exploit-db.com/exploits/32165 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2006 — Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046218.html