
XAMPP

Multiple vulnerabilities in XAMPP (advisories #1 and #2)

Hello Bugtraq!

I want to warn you about multiple vulnerabilities in XAMPP. I disclosed
multiple vulnerabilities in XAMPP on my site in 2009 (7 advisories in total)
and informed the developers about them.

I also published these vulnerabilities at securityvulns.ru
(securityvulns.com). And now I'm informing you about them. I will combine the 7
advisories into 4 letters to the mailing list.


Re: Multiple vulnerabilities in XAMPP (advisory #7)

Hello Sebastien!

You can confirm it by yourself. Just find a site on XAMPP (Google can help
you with it) and check the holes using PoCs which I provided.

> and what target of xampp is it ? win32 ? linux ?

As far as I remember last year when I found all these vulnerabilities in
XAMPP, it was XAMPP on Windows servers on all those sites where I found
these holes.

Multiple vulnerabilities in XAMPP (advisories #3 and #4)

Hello Bugtraq!

I am continuing to inform you about multiple vulnerabilities in XAMPP.

-----------------------------
Advisory #3
-----------------------------
Vulnerabilities in XAMPP
-----------------------------
URL: http://websecurity.com.ua/3233/

Re: Multiple vulnerabilities in XAMPP (advisory #7)

> Have you checked the newest aka (also known as) latest version which is
> actually: 1.7.3 ?

No, I didn't, and there was a reason for it. All these 7 advisories were made
in 2009 (as is clear from the Timeline which I made for all advisories). Only
now have I sent them to Bugtraq. And at that time XAMPP 1.7.1 was the latest
version.

Besides, in 2009 the developer of XAMPP answered me (with thanks) on only one of
seven letters, and he didn't mention fixing any of the holes which I found.
So there is a possibility that all or some of these holes are still not fixed.

Multiple vulnerabilities in XAMPP (advisories #5 and #6)

Hello Bugtraq!

I am continuing to inform you about multiple vulnerabilities in XAMPP.

-----------------------------
Advisory #5
-----------------------------
Vulnerabilities in XAMPP
-----------------------------
URL: http://websecurity.com.ua/3257/

Multiple vulnerabilities in XAMPP (advisory #7)

Hello Bugtraq!

I am continuing to inform you about multiple vulnerabilities in XAMPP.

-----------------------------
Advisory #7
-----------------------------
CSRF, SQL Injection and Full path disclosure vulnerabilities in XAMPP
-----------------------------
URL: http://websecurity.com.ua/3285/

PHP "multipart/form-data" denial of service

Oct 23 11:02:17 daemon kernel: Approaching the limit on PV entries,
consider increasing either the vm.pmap.shpgperproc or the
vm.pmap.pv_entry_max tunable.


3. PHP on Windows: XAMPP
=========================
XAMPP for Windows setup filename:  xampp-win32-1.7.2.exe
PHP Version 5.3.0

Timeline:

Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities

----------------------------------------------------------------

Program : Xampp Linux 1.6.7

Type : Multiple Cross Site Scripting Vulnerabilities

Alert : Medium

----------------------------------------------------------------



