Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xampp vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-8920
iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569.
Apachefriends Xampp 1.7.0
4.3
CVSSv2
CVE-2013-2586
XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote malicious users to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method.
Apachefriends Xampp 1.8.1
1 EDB exploit
6.8
CVSSv2
CVE-2008-6498
Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote malicious users to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.
Apachefriends Xampp 1.6.8
2 EDB exploits
5.5
CVSSv2
CVE-2008-6499
security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote malicious users to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1.
Apachefriends Xampp 1.6.8
1 EDB exploit
4.6
CVSSv2
CVE-2006-4994
Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (...
Apachefriends Xampp 1.5.2
9.3
CVSSv2
CVE-2007-2079
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and previous versions for Windows uses untrusted input for the database server hostname, which allows remote malicious users to trigger a library buffer overflow and execute arbitrary code via a long host paramete...
Xampp Apache Distribution
1 EDB exploit
4.3
CVSSv2
CVE-2008-4450
Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote malicious users to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters. NOTE: the provenance of this infor...
Apache Friends Xampp 1.6.8
4.3
CVSSv2
CVE-2008-3569
Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote malicious users to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php.
Apache Friends Xampp 1.6.7
2 EDB exploits
7.5
CVSSv2
CVE-2007-2080
Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote malicious users to execute arbitrary SQL commands via unspecified vectors in certain test scripts.
Xampp Apache Distribution 1.6.0a
1 EDB exploit
4.4
CVSSv2
CVE-2017-20018
A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely.
Apachefriends Xampp 7.1.1-0-vc14
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »