Vulnerabilities > CVE-2006-4994 - Unspecified vulnerability in Apachefriends Xampp 1.5.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046218.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046218.html
- http://secdev.zoller.lu/research/xamp1.htm
- http://secdev.zoller.lu/research/xamp1.htm
- http://www.apachefriends.org/en/news-article%2C75557.html
- http://www.apachefriends.org/en/news-article%2C75557.html
- http://www.securityfocus.com/archive/1/434699/30/4860/threaded
- http://www.securityfocus.com/archive/1/434699/30/4860/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26581
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26581