CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0338 – Buffer Overflow Vulnerability in XAMPP
https://notcve.org/view.php?id=CVE-2024-0338
A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH). Se encontró una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en XAMPP que afecta a la versión 8.2.4 y anteriores. Un atacante podría ejecutar código arbitrario a través de un argumento de depuración de archivo largo que controla el controlador de excepciones estructurado (SEH). • https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-xampp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1CVE-2022-47637
https://notcve.org/view.php?id=CVE-2022-47637
The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges. El instalador en XAMPP hasta 8.1.12 permite a los usuarios locales escribir en el directorio C:\xampp. Los casos de uso comunes ejecutan archivos en C:\xampp con privilegios administrativos. • https://shinnai.altervista.org/exploits/DVRT-2023-0001_CVE-2022-47637.pdf • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20018 – XAMPP Installer uncontrolled search path
https://notcve.org/view.php?id=CVE-2017-20018
A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely. • https://packetstormsecurity.com/files/142406/xampp-dllhijack.txt https://vuldb.com/?id.100950 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-29376
https://notcve.org/view.php?id=CVE-2022-29376
Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. Se ha detectado que Xampp para Windows versiones v8.1.4 y anteriores, contiene permisos no seguros para su directorio de instalación, lo que permite a atacantes ejecutar código arbitrario por medio de la escritura excesiva de binarios ubicados en el directorio • https://github.com/ycdxsb/Vuln/blob/main/Xampp-Install-Dir-Incorrect-Default-Permission/Xampp-Install-Dir-Incorrect-Default-Permission.md • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 4CVE-2020-11107 – XAMPP 7.4.3 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-11107
An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution. Se detectó un problema en XAMPP versiones anteriores a 7.2.29, versiones 7.3.x anteriores a 7.3.16 y versiones 7.4.x anteriores a 7.4.4 en Windows. Un usuario no privilegiado puede cambiar una configuración de .exe en xampp-contol.ini para todos los usuarios (incluyendo los administradores) para permitir una ejecución de comandos arbitraria. XAMPP version 7.4.3 suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/50337 https://github.com/S1lkys/CVE-2020-11107 https://github.com/andripwn/CVE-2020-11107 http://packetstormsecurity.com/files/164292/XAMPP-7.4.3-Privilege-Escalation.html https://www.apachefriends.org/blog/new_xampp_20200401.html • CWE-732: Incorrect Permission Assignment for Critical Resource •