NVD List
| Id | Name | Description | Reject | CVSS Version | CVSS Score | Severity | Pub Date | Modified Date | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 17434 | CVE-2016-10072 | ** DISPUTED ** WampServer 3.0.6 has two files called "wampmanager.exe" and "unins000.exe" with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which ""someone" (an attacker) is able to replace files on a PC" is not "the fault of WampServer." | 2 | 6.9 | Medium | 2017-01-19 | 2016-12-28 | View | |
| 17422 | CVE-2016-10031 | ** DISPUTED ** WampServer 3.0.6 installs two services called "wampapache" and "wampmysqld" with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which ""someone" (an attacker) is able to replace files on a PC" is not "the fault of WampServer." | 2 | 6.9 | Medium | 2017-01-19 | 2016-12-30 | View | |
| 11222 | CVE-2011-4899 | ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments. | 2 | 7.5 | High | 2017-01-07 | 2012-01-31 | View | |
| 42989 | CVE-2012-0937 | ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time. | 2 | 5 | Medium | 2017-01-19 | 2012-01-31 | View | |
| 11221 | CVE-2011-4898 | ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective. | 2 | 5 | Medium | 2017-01-07 | 2012-01-31 | View |
Page 99 of 17672, showing 5 records out of 88360 total, starting on record 491, ending on 495
