CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-6499 – XAMPP 1.6.8 - Cross-Site Request Forgery (Change Administrative Password)
https://notcve.org/view.php?id=CVE-2008-6499
20 Mar 2009 — security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1. security/xamppsecurity.php en XAMPP v1.6.8 realiza una operación "extract" en el array superglobal SERVER, lo cual permite a atacantes remotos suplantar variables críticas, como lo demostrado a través del establecimiento de la variable REMOTE_ADDR de 127.0.0.1. • https://www.exploit-db.com/exploits/7384 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-6498 – XAMPP 1.7.2 - Change Administrative Password
https://notcve.org/view.php?id=CVE-2008-6498
20 Mar 2009 — Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter. La vulnerabilidad de tipo cross-site request forgery (CSRF) en el archivo security/xamppsecurity.php en XAMPP versión 1.6.8, permite a los atacantes remotos secuestrar la autenticación de usuarios para las peticiones que cambian una determinada contraseña de .htaccess por... • https://www.exploit-db.com/exploits/10391 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 1%CPEs: 109EXPL: 0CVE-2009-0919
https://notcve.org/view.php?id=CVE-2009-0919
16 Mar 2009 — XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK... • http://ptk.dflabs.com/security.html • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4450
https://notcve.org/view.php?id=CVE-2008-4450
06 Oct 2008 — Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Una vulnerabilidad de secuencias de comándos en sitios cruzados (XSS) en adodb.php en XAMPP para Windows 1.6.8 permite a atacantes remotos inyectar secuencia... • http://secunia.com/advisories/32134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2008-3569 – XAMPP Linux 1.6 - 'ming.php?text' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-3569
10 Aug 2008 — Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en XAMPP 1.6.7, cuando register_globals está activado, permite a atacantes remos inyectar secuencias de comandos web o HTML de su eleccción a través de los parámetros (1) iart.php y (2) ming.php. • https://www.exploit-db.com/exploits/32165 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4994
https://notcve.org/view.php?id=CVE-2006-4994
26 Sep 2006 — Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname. Múltiples vulnerabilidades de ruta de búsqueda Windows no entrecomillada en Apache Friends XAMPP 1.5.2 permite a usuarios locales obtener privilegios mediante un fichero... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046218.html •