
    13 vulnerabilities by Apachefriends

    CVE-2024-0338 (GCVE-0-2024-0338)

    Vulnerability from cvelistv5 – Published: 2024-02-02 09:13 – Updated: 2025-06-17 21:29
    VLAI
    Title
    Buffer Overflow Vulnerability in XAMPP
    Summary
    A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    Apachefriends XAMPP Affected: 0 , ≤ 8.2.4 (custom)
    Date Public
    2024-01-10 11:00
    Credits
    Rafael Pedrero

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:04:49.195Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-xampp"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0338",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-08T21:05:33.968490Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:24.069Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "XAMPP",
              "vendor": "Apachefriends",
              "versions": [
                {
                  "lessThanOrEqual": "8.2.4 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Rafael Pedrero"
            }
          ],
          "datePublic": "2024-01-10T11:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH)."
                }
              ],
              "value": "A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T09:13:40.398Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-xampp"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Apachefriends team is working on a fix for the reported vulnerability. It is recommended to download the latest version available (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.apachefriends.org/download.html)\"\u003ehttps://www.apachefriends.org/download.html)\u003c/a\u003e."
                }
              ],
              "value": "The Apachefriends team is working on a fix for the reported vulnerability. It is recommended to download the latest version available (https://www.apachefriends.org/download.html)."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer Overflow Vulnerability in XAMPP",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2024-0338",
        "datePublished": "2024-02-02T09:13:40.398Z",
        "dateReserved": "2024-01-09T11:56:02.447Z",
        "dateUpdated": "2025-06-17T21:29:24.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47637 (GCVE-0-2022-47637)

    Vulnerability from cvelistv5 – Published: 2023-09-12 00:00 – Updated: 2024-09-26 15:17
    VLAI
    Summary
    The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    xampp apache_distribution Affected: 8.1.12
        cpe:2.3:a:xampp:apache_distribution:*:*:windows:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:02:35.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://shinnai.altervista.org/exploits/DVRT-2023-0001_CVE-2022-47637.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:xampp:apache_distribution:*:*:windows:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "apache_distribution",
                "vendor": "xampp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.1.12"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47637",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T15:16:18.823686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T15:17:41.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The installer in XAMPP through 8.1.12 allows local users to write to the C:\\xampp directory. Common use cases execute files under C:\\xampp with administrative privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-12T21:10:46.762Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://shinnai.altervista.org/exploits/DVRT-2023-0001_CVE-2022-47637.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-47637",
        "datePublished": "2023-09-12T00:00:00.000Z",
        "dateReserved": "2022-12-21T00:00:00.000Z",
        "dateUpdated": "2024-09-26T15:17:41.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-20018 (GCVE-0-2017-20018)

    Vulnerability from cvelistv5 – Published: 2022-06-09 22:35 – Updated: 2025-04-15 14:30
    VLAI
    Title
    XAMPP Installer uncontrolled search path
    Summary
    A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path
    Assigner
    References
    Impacted products
    Vendor Product Version
    unspecified XAMPP Affected: 7.1.1-0-VC14

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:45:24.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/142406/xampp-dllhijack.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.100950"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-20018",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T17:12:37.446527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T14:30:37.707Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "XAMPP",
              "vendor": "unspecified",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.1-0-VC14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-09T22:35:49.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://packetstormsecurity.com/files/142406/xampp-dllhijack.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vuldb.com/?id.100950"
            }
          ],
          "title": "XAMPP Installer uncontrolled search path",
          "x_generator": "vuldb.com",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@vuldb.com",
              "ID": "CVE-2017-20018",
              "REQUESTER": "cna@vuldb.com",
              "STATE": "PUBLIC",
              "TITLE": "XAMPP Installer uncontrolled search path"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "XAMPP",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1.1-0-VC14"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": ""
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely."
                }
              ]
            },
            "generator": "vuldb.com",
            "impact": {
              "cvss": {
                "baseScore": "6.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427 Uncontrolled Search Path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://packetstormsecurity.com/files/142406/xampp-dllhijack.txt",
                  "refsource": "MISC",
                  "url": "https://packetstormsecurity.com/files/142406/xampp-dllhijack.txt"
                },
                {
                  "name": "https://vuldb.com/?id.100950",
                  "refsource": "MISC",
                  "url": "https://vuldb.com/?id.100950"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2017-20018",
        "datePublished": "2022-06-09T22:35:49.000Z",
        "dateReserved": "2022-06-05T00:00:00.000Z",
        "dateUpdated": "2025-04-15T14:30:37.707Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29376 (GCVE-0-2022-29376)

    Vulnerability from cvelistv5 – Published: 2022-05-23 20:16 – Updated: 2025-08-15 14:29
    VLAI
    Summary
    Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:17:55.084Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/ycdxsb/Vuln/blob/main/Xampp-Install-Dir-Incorrect-Default-Permission/Xampp-Install-Dir-Incorrect-Default-Permission.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-15T14:29:17.540Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/ycdxsb/Vuln/blob/main/Xampp-Install-Dir-Incorrect-Default-Permission/Xampp-Install-Dir-Incorrect-Default-Permission.md"
            },
            {
              "url": "https://github.com/ycdxsb/Vuln/blob/main/CVE-2022-29376/CVE-2022-29376.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-29376",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/ycdxsb/Vuln/blob/main/Xampp-Install-Dir-Incorrect-Default-Permission/Xampp-Install-Dir-Incorrect-Default-Permission.md",
                  "refsource": "MISC",
                  "url": "https://github.com/ycdxsb/Vuln/blob/main/Xampp-Install-Dir-Incorrect-Default-Permission/Xampp-Install-Dir-Incorrect-Default-Permission.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-29376",
        "datePublished": "2022-05-23T20:16:04.000Z",
        "dateReserved": "2022-04-16T00:00:00.000Z",
        "dateUpdated": "2025-08-15T14:29:17.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11107 (GCVE-0-2020-11107)

    Vulnerability from cvelistv5 – Published: 2020-04-02 17:44 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16, and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-control.ini for all users (including admins) to enable arbitrary command execution.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2020-03-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.684Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.apachefriends.org/blog/new_xampp_20200401.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164292/XAMPP-7.4.3-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-03-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-27T16:06:15.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.apachefriends.org/blog/new_xampp_20200401.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164292/XAMPP-7.4.3-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-11107",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.apachefriends.org/blog/new_xampp_20200401.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.apachefriends.org/blog/new_xampp_20200401.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/164292/XAMPP-7.4.3-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/164292/XAMPP-7.4.3-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-11107",
        "datePublished": "2020-04-02T17:44:24.000Z",
        "dateReserved": "2020-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:14.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-8920 (GCVE-0-2019-8920)

    Vulnerability from cvelistv5 – Published: 2019-07-09 17:08 – Updated: 2024-08-04 21:31
    VLAI
    Summary
    iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:31:37.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.lucideus.com/2019/07/xampp-170-reflected-cross-site-scripting.html"
              },
              {
                "name": "109120",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109120"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-11T12:06:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.lucideus.com/2019/07/xampp-170-reflected-cross-site-scripting.html"
            },
            {
              "name": "109120",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109120"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-8920",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.lucideus.com/2019/07/xampp-170-reflected-cross-site-scripting.html",
                  "refsource": "MISC",
                  "url": "https://blog.lucideus.com/2019/07/xampp-170-reflected-cross-site-scripting.html"
                },
                {
                  "name": "109120",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109120"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-8920",
        "datePublished": "2019-07-09T17:08:48.000Z",
        "dateReserved": "2019-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T21:31:37.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-8924 (GCVE-0-2019-8924)

    Vulnerability from cvelistv5 – Published: 2019-05-17 01:06 – Updated: 2024-08-04 21:31
    Summary
    XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-02-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:31:37.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/151756/XAMPP-5.6.8-Cross-Site-Scripting-SQL-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Feb/43"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107168"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46424/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-02-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-17T01:06:57.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/151756/XAMPP-5.6.8-Cross-Site-Scripting-SQL-Injection.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Feb/43"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/107168"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.exploit-db.com/exploits/46424/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-8924",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/151756/XAMPP-5.6.8-Cross-Site-Scripting-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/151756/XAMPP-5.6.8-Cross-Site-Scripting-SQL-Injection.html"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2019/Feb/43",
                  "refsource": "MISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Feb/43"
                },
                {
                  "name": "http://www.securityfocus.com/bid/107168",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/107168"
                },
                {
                  "name": "https://www.exploit-db.com/exploits/46424/",
                  "refsource": "MISC",
                  "url": "https://www.exploit-db.com/exploits/46424/"
                },
                {
                  "name": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/"
                },
                {
                  "name": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/"
                },
                {
                  "name": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-8924",
        "datePublished": "2019-05-17T01:06:58.000Z",
        "dateReserved": "2019-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T21:31:37.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-8923 (GCVE-0-2019-8923)

    Vulnerability from cvelistv5 – Published: 2019-05-14 15:46 – Updated: 2024-08-04 21:31
    Summary
    XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:31:37.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/151756/XAMPP-5.6.8-Cross-Site-Scripting-SQL-Injection.html"
              },
              {
                "name": "107168",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107168"
              },
              {
                "name": "46424",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46424/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/"
              },
              {
                "name": "20190217 [CVE-2019-8923, CVE-2019-8924] SQL injection and persistent Cross Site Scripting in XAMPP 5.6.8 (and previous)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Feb/43"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-14T15:46:14.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/151756/XAMPP-5.6.8-Cross-Site-Scripting-SQL-Injection.html"
            },
            {
              "name": "107168",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107168"
            },
            {
              "name": "46424",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/46424/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/"
            },
            {
              "name": "20190217 [CVE-2019-8923, CVE-2019-8924] SQL injection and persistent Cross Site Scripting in XAMPP 5.6.8 (and previous)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Feb/43"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-8923",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/151756/XAMPP-5.6.8-Cross-Site-Scripting-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/151756/XAMPP-5.6.8-Cross-Site-Scripting-SQL-Injection.html"
                },
                {
                  "name": "107168",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107168"
                },
                {
                  "name": "46424",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/46424/"
                },
                {
                  "name": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/"
                },
                {
                  "name": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/"
                },
                {
                  "name": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/"
                },
                {
                  "name": "20190217 [CVE-2019-8923, CVE-2019-8924] SQL injection and persistent Cross Site Scripting in XAMPP 5.6.8 (and previous)",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Feb/43"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-8923",
        "datePublished": "2019-05-14T15:46:15.000Z",
        "dateReserved": "2019-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T21:31:37.578Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2586 (GCVE-0-2013-2586)

    Vulnerability from cvelistv5 – Published: 2014-09-29 22:00 – Updated: 2024-08-06 15:44
    Summary
    XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://packetstormsecurity.com/files/123407/XAMPP… x_refsource_MISC
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-list, x_refsource_BUGTRAQ
    http://osvdb.org/97780 vdb-entry, x_refsource_OSVDB
    http://www.exploit-db.com/exploits/28654 exploit, x_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/62665 vdb-entry, x_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    Date Public
    2013-09-26 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:44:32.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/123407/XAMPP-1.8.1-Local-Write-Access.html"
              },
              {
                "name": "20130926 XAMPP 1.8.1 Local Write Access Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0131.html"
              },
              {
                "name": "97780",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/97780"
              },
              {
                "name": "28654",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/28654"
              },
              {
                "name": "62665",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/62665"
              },
              {
                "name": "xampp-cve20122586-lang-security-bypass(87499)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87499"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-09-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/123407/XAMPP-1.8.1-Local-Write-Access.html"
            },
            {
              "name": "20130926 XAMPP 1.8.1 Local Write Access Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0131.html"
            },
            {
              "name": "97780",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/97780"
            },
            {
              "name": "28654",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/28654"
            },
            {
              "name": "62665",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/62665"
            },
            {
              "name": "xampp-cve20122586-lang-security-bypass(87499)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87499"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-2586",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/123407/XAMPP-1.8.1-Local-Write-Access.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/123407/XAMPP-1.8.1-Local-Write-Access.html"
                },
                {
                  "name": "20130926 XAMPP 1.8.1 Local Write Access Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0131.html"
                },
                {
                  "name": "97780",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/97780"
                },
                {
                  "name": "28654",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/28654"
                },
                {
                  "name": "62665",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/62665"
                },
                {
                  "name": "xampp-cve20122586-lang-security-bypass(87499)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87499"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-2586",
        "datePublished": "2014-09-29T22:00:00.000Z",
        "dateReserved": "2013-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:44:32.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-6499 (GCVE-0-2008-6499)

    Vulnerability from cvelistv5 – Published: 2009-03-20 00:00 – Updated: 2024-08-07 11:34
    Summary
    security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/7384 exploit, x_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilities/47202 vdb-entry, x_refsource_XF
    Date Public
    2008-12-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:34:46.443Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "7384",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/7384"
              },
              {
                "name": "xampp-xamppsecurity-ip-spoofing(47202)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47202"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "7384",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/7384"
            },
            {
              "name": "xampp-xamppsecurity-ip-spoofing(47202)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47202"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-6499",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "7384",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/7384"
                },
                {
                  "name": "xampp-xamppsecurity-ip-spoofing(47202)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47202"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-6499",
        "datePublished": "2009-03-20T00:00:00.000Z",
        "dateReserved": "2009-03-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:34:46.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-6498 (GCVE-0-2008-6498)

    Vulnerability from cvelistv5 – Published: 2009-03-20 00:00 – Updated: 2024-08-07 11:34
    Summary
    Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/7384 exploit, x_refsource_EXPLOIT-DB
    http://secunia.com/advisories/32134 third-party-advisory, x_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilities/47201 vdb-entry, x_refsource_XF
    Date Public
    2008-12-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:34:46.911Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "7384",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/7384"
              },
              {
                "name": "32134",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32134"
              },
              {
                "name": "xampp-xamppsecurity-csrf(47201)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47201"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "7384",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/7384"
            },
            {
              "name": "32134",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32134"
            },
            {
              "name": "xampp-xamppsecurity-csrf(47201)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47201"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-6498",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "7384",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/7384"
                },
                {
                  "name": "32134",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32134"
                },
                {
                  "name": "xampp-xamppsecurity-csrf(47201)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47201"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-6498",
        "datePublished": "2009-03-20T00:00:00.000Z",
        "dateReserved": "2009-03-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:34:46.911Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0919 (GCVE-0-2009-0919)

    Vulnerability from cvelistv5 – Published: 2009-03-16 19:00 – Updated: 2024-08-07 04:57
    Summary
    XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2009-03-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:57:16.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://ptk.dflabs.com/security.html"
              },
              {
                "name": "ptk-default-password(49306)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49306"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.apachefriends.org/en/faq-xampp-linux.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/developerworks/linux/library/l-xampp/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.debianhelp.co.uk/xampp.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the \"lampp\" default password for the \"nobody\" account within the included ProFTPD installation, (2) a blank default password for the \"root\" account within the included MySQL installation, (3) a blank default password for the \"pma\" account within the phpMyAdmin installation, and possibly other unspecified passwords.  NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with \"no contact from / to internet.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://ptk.dflabs.com/security.html"
            },
            {
              "name": "ptk-default-password(49306)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49306"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.apachefriends.org/en/faq-xampp-linux.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ibm.com/developerworks/linux/library/l-xampp/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.debianhelp.co.uk/xampp.htm"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0919",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the \"lampp\" default password for the \"nobody\" account within the included ProFTPD installation, (2) a blank default password for the \"root\" account within the included MySQL installation, (3) a blank default password for the \"pma\" account within the phpMyAdmin installation, and possibly other unspecified passwords.  NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with \"no contact from / to internet.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://ptk.dflabs.com/security.html",
                  "refsource": "MISC",
                  "url": "http://ptk.dflabs.com/security.html"
                },
                {
                  "name": "ptk-default-password(49306)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49306"
                },
                {
                  "name": "http://www.apachefriends.org/en/faq-xampp-linux.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.apachefriends.org/en/faq-xampp-linux.html"
                },
                {
                  "name": "http://www.ibm.com/developerworks/linux/library/l-xampp/",
                  "refsource": "MISC",
                  "url": "http://www.ibm.com/developerworks/linux/library/l-xampp/"
                },
                {
                  "name": "http://www.debianhelp.co.uk/xampp.htm",
                  "refsource": "MISC",
                  "url": "http://www.debianhelp.co.uk/xampp.htm"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0919",
        "datePublished": "2009-03-16T19:00:00.000Z",
        "dateReserved": "2009-03-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:57:16.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4994 (GCVE-0-2006-4994)

    Vulnerability from cvelistv5 – Published: 2006-09-26 01:43 – Updated: 2024-08-07 19:32
    Summary
    Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-05-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:32:22.872Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060521 [TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostarthttp",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046218.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secdev.zoller.lu/research/xamp1.htm"
              },
              {
                "name": "20060521 [TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostart",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/434699/30/4860/threaded"
              },
              {
                "name": "xampp-insecure-start-path(26581)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26581"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.apachefriends.org/en/news-article%2C75557.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-05-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted \"Program Files\" pathname."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060521 [TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostarthttp",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046218.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secdev.zoller.lu/research/xamp1.htm"
            },
            {
              "name": "20060521 [TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostart",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/434699/30/4860/threaded"
            },
            {
              "name": "xampp-insecure-start-path(26581)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26581"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.apachefriends.org/en/news-article%2C75557.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4994",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted \"Program Files\" pathname."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060521 [TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostarthttp",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046218.html"
                },
                {
                  "name": "http://secdev.zoller.lu/research/xamp1.htm",
                  "refsource": "MISC",
                  "url": "http://secdev.zoller.lu/research/xamp1.htm"
                },
                {
                  "name": "20060521 [TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostart",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/434699/30/4860/threaded"
                },
                {
                  "name": "xampp-insecure-start-path(26581)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26581"
                },
                {
                  "name": "http://www.apachefriends.org/en/news-article,75557.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.apachefriends.org/en/news-article,75557.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4994",
        "datePublished": "2006-09-26T01:43:00.000Z",
        "dateReserved": "2006-09-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:32:22.872Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }