CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5055 – Vulnerability of uncontrolled resource consumption in XAMPP
https://notcve.org/view.php?id=CVE-2024-5055
Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes. Vulnerabilidad de consumo descontrolado de recursos en XAMPP Windows, versiones 7.3.2 y anteriores. Esta vulnerabilidad existe cuando XAMPP intenta procesar muchas solicitudes HTTP incompletas, lo que provoca consumo de recursos y fallos del sistema. • https://www.incibe.es/en/incibe-cert/notices/aviso/vulnerability-uncontrolled-resource-consumption-xampp • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0338 – Buffer Overflow Vulnerability in XAMPP
https://notcve.org/view.php?id=CVE-2024-0338
A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH). Se encontró una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en XAMPP que afecta a la versión 8.2.4 y anteriores. Un atacante podría ejecutar código arbitrario a través de un argumento de depuración de archivo largo que controla el controlador de excepciones estructurado (SEH). • https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-xampp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1CVE-2022-47637
https://notcve.org/view.php?id=CVE-2022-47637
The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges. El instalador en XAMPP hasta 8.1.12 permite a los usuarios locales escribir en el directorio C:\xampp. Los casos de uso comunes ejecutan archivos en C:\xampp con privilegios administrativos. • https://shinnai.altervista.org/exploits/DVRT-2023-0001_CVE-2022-47637.pdf • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20018 – XAMPP Installer uncontrolled search path
https://notcve.org/view.php?id=CVE-2017-20018
A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely. • https://packetstormsecurity.com/files/142406/xampp-dllhijack.txt https://vuldb.com/?id.100950 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-29376
https://notcve.org/view.php?id=CVE-2022-29376
Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. Se ha detectado que Xampp para Windows versiones v8.1.4 y anteriores, contiene permisos no seguros para su directorio de instalación, lo que permite a atacantes ejecutar código arbitrario por medio de la escritura excesiva de binarios ubicados en el directorio • https://github.com/ycdxsb/Vuln/blob/main/Xampp-Install-Dir-Incorrect-Default-Permission/Xampp-Install-Dir-Incorrect-Default-Permission.md • CWE-276: Incorrect Default Permissions •