Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by wampserver
CVE-2022-36565 (GCVE-0-2022-36565)
Vulnerability from cvelistv5 – Published: 2022-08-30 20:05 – Updated: 2024-08-03 10:07
VLAI
Summary
Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vul… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vuln/Wamp-Vuln.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in the install directory (C:\\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T20:05:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vuln/Wamp-Vuln.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect access control in the install directory (C:\\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vuln/Wamp-Vuln.md",
"refsource": "MISC",
"url": "https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vuln/Wamp-Vuln.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36565",
"datePublished": "2022-08-30T20:05:56.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11517 (GCVE-0-2019-11517)
Vulnerability from cvelistv5 – Published: 2019-06-10 17:47 – Updated: 2024-08-04 22:55
VLAI
Summary
WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://seclists.org/bugtraq/2019/Jun/10 | mailing-listx_refsource_BUGTRAQ |
Date Public
2019-06-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190610 CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-10T17:49:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190610 CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190610 CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11517",
"datePublished": "2019-06-10T17:47:49.000Z",
"dateReserved": "2019-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:40.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000848 (GCVE-0-2018-1000848)
Vulnerability from cvelistv5 – Published: 2018-12-20 15:00 – Updated: 2024-09-16 18:49
VLAI
Summary
Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://forum.wampserver.com/read.php?2%2C153491 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.wampserver.com/read.php?2%2C153491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.wampserver.com/read.php?2%2C153491"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.486534",
"DATE_REQUESTED": "2018-11-18T12:33:39",
"ID": "CVE-2018-1000848",
"REQUESTER": "wampserver@otomatic.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.wampserver.com/read.php?2,153491",
"refsource": "MISC",
"url": "http://forum.wampserver.com/read.php?2,153491"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000848",
"datePublished": "2018-12-20T15:00:00.000Z",
"dateReserved": "2018-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:49:10.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8817 (GCVE-0-2018-8817)
Vulnerability from cvelistv5 – Published: 2018-03-25 19:00 – Updated: 2024-08-05 07:02
VLAI
Summary
Wampserver before 3.1.3 has CSRF in add_vhost.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44385/ | exploitx_refsource_EXPLOIT-DB |
| http://forum.wampserver.com/read.php?2%2C138295%2… | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Jun/10 | mailing-listx_refsource_BUGTRAQ |
Date Public
2018-03-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:26.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44385",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44385/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.wampserver.com/read.php?2%2C138295%2C150722%2Cpage=6#msg-150722"
},
{
"name": "20190610 CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Wampserver before 3.1.3 has CSRF in add_vhost.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-10T10:06:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44385",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44385/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.wampserver.com/read.php?2%2C138295%2C150722%2Cpage=6#msg-150722"
},
{
"name": "20190610 CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wampserver before 3.1.3 has CSRF in add_vhost.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44385",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44385/"
},
{
"name": "http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722",
"refsource": "MISC",
"url": "http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722"
},
{
"name": "20190610 CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8817",
"datePublished": "2018-03-25T19:00:00.000Z",
"dateReserved": "2018-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:02:26.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8732 (GCVE-0-2018-8732)
Vulnerability from cvelistv5 – Published: 2018-03-19 20:00 – Updated: 2024-08-05 07:02
VLAI
Summary
Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://forum.wampserver.com/read.php?2%2C138295%2… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/44384/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:25.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.wampserver.com/read.php?2%2C138295%2C150615%2Cpage=6#msg-150615"
},
{
"name": "44384",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44384/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-04T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.wampserver.com/read.php?2%2C138295%2C150615%2Cpage=6#msg-150615"
},
{
"name": "44384",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44384/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.wampserver.com/read.php?2,138295,150615,page=6#msg-150615",
"refsource": "MISC",
"url": "http://forum.wampserver.com/read.php?2,138295,150615,page=6#msg-150615"
},
{
"name": "44384",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44384/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8732",
"datePublished": "2018-03-19T20:00:00.000Z",
"dateReserved": "2018-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:02:25.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10072 (GCVE-0-2016-10072)
Vulnerability from cvelistv5 – Published: 2016-12-27 07:25 – Updated: 2024-08-06 03:07 Disputed
VLAI
Summary
WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/138948/wamp… | x_refsource_MISC |
| http://forum.wampserver.com/read.php?2%2C144473 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| wampserver | wampserver |
Affected:
3.0.6
cpe:2.3:a:wampserver:wampserver:3.0.6:*:*:*:*:*:*:* |
Date Public
2016-12-26 00:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wampserver:wampserver:3.0.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wampserver",
"vendor": "wampserver",
"versions": [
{
"status": "affected",
"version": "3.0.6"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-10072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T19:05:11.736813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T19:06:59.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:32.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/138948/wampserver306-insecure.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.wampserver.com/read.php?2%2C144473"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WampServer 3.0.6 has two files called \u0027wampmanager.exe\u0027 and \u0027unins000.exe\u0027 with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which \"\u0027someone\u0027 (an attacker) is able to replace files on a PC\" is not \"the fault of WampServer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-27T04:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/138948/wampserver306-insecure.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.wampserver.com/read.php?2%2C144473"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** WampServer 3.0.6 has two files called \u0027wampmanager.exe\u0027 and \u0027unins000.exe\u0027 with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which \"\u0027someone\u0027 (an attacker) is able to replace files on a PC\" is not \"the fault of WampServer.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/138948/wampserver306-insecure.txt",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/138948/wampserver306-insecure.txt"
},
{
"name": "http://forum.wampserver.com/read.php?2,144473",
"refsource": "MISC",
"url": "http://forum.wampserver.com/read.php?2,144473"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10072",
"datePublished": "2016-12-27T07:25:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:07:32.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10031 (GCVE-0-2016-10031)
Vulnerability from cvelistv5 – Published: 2016-12-27 07:25 – Updated: 2024-08-06 03:07 Disputed
VLAI
Summary
WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/40967/ | exploitx_refsource_EXPLOIT-DB |
| https://packetstormsecurity.com/files/140279/Wamp… | x_refsource_MISC |
| https://sourceforge.net/p/wampserver/bugs/52/ | x_refsource_MISC |
| http://forum.wampserver.com/read.php?2%2C144473 | x_refsource_MISC |
Date Public
2016-12-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40967",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40967/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/140279/Wampserver-3.0.6-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/wampserver/bugs/52/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.wampserver.com/read.php?2%2C144473"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WampServer 3.0.6 installs two services called \u0027wampapache\u0027 and \u0027wampmysqld\u0027 with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which \"\u0027someone\u0027 (an attacker) is able to replace files on a PC\" is not \"the fault of WampServer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-28T07:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40967",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40967/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/140279/Wampserver-3.0.6-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/wampserver/bugs/52/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.wampserver.com/read.php?2%2C144473"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** WampServer 3.0.6 installs two services called \u0027wampapache\u0027 and \u0027wampmysqld\u0027 with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which \"\u0027someone\u0027 (an attacker) is able to replace files on a PC\" is not \"the fault of WampServer.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40967",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40967/"
},
{
"name": "https://packetstormsecurity.com/files/140279/Wampserver-3.0.6-Privilege-Escalation.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/140279/Wampserver-3.0.6-Privilege-Escalation.html"
},
{
"name": "https://sourceforge.net/p/wampserver/bugs/52/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/wampserver/bugs/52/"
},
{
"name": "http://forum.wampserver.com/read.php?2,144473",
"refsource": "MISC",
"url": "http://forum.wampserver.com/read.php?2,144473"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10031",
"datePublished": "2016-12-27T07:25:00.000Z",
"dateReserved": "2016-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:07:31.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0700 (GCVE-0-2010-0700)
Vulnerability from cvelistv5 – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:59
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://osvdb.org/62481 | vdb-entryx_refsource_OSVDB |
| http://zeroscience.mk/en/vulnerabilities/ZSL-2010… | x_refsource_MISC |
| http://zeroscience.mk/codes/wamp_xss.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/38357 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/38706 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-02-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62481",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62481"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zeroscience.mk/codes/wamp_xss.txt"
},
{
"name": "38357",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38357"
},
{
"name": "38706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38706"
},
{
"name": "wampserver-index-xss(56417)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56417"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62481",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62481"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zeroscience.mk/codes/wamp_xss.txt"
},
{
"name": "38357",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38357"
},
{
"name": "38706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38706"
},
{
"name": "wampserver-index-xss(56417)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56417"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62481",
"refsource": "OSVDB",
"url": "http://osvdb.org/62481"
},
{
"name": "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php",
"refsource": "MISC",
"url": "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php"
},
{
"name": "http://zeroscience.mk/codes/wamp_xss.txt",
"refsource": "MISC",
"url": "http://zeroscience.mk/codes/wamp_xss.txt"
},
{
"name": "38357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38357"
},
{
"name": "38706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38706"
},
{
"name": "wampserver-index-xss(56417)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56417"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0700",
"datePublished": "2010-02-23T20:00:00.000Z",
"dateReserved": "2010-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:59:38.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}