Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

xerver xerver vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2002-0447
Directory traversal vulnerability in Xerver Free Web Server 2.10 and previous versions allows remote malicious users to list arbitrary directories via a .. (dot dot) in an HTTP GET request.
Xerver Xerver
NA
CVE-2002-0448
Xerver Free Web Server 2.10 and previous versions allows remote malicious users to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences.
Xerver Xerver
NA
CVE-2005-4774
Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote malicious users to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI.
Xerver Xerver 4.17
NA
CVE-2009-3561
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote malicious users to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.
Xerver Xerver 4.32
NA
CVE-2009-3562
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote malicious users to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
Xerver Xerver 4.32
NA
CVE-2005-3293
Xerver 4.17 allows remote malicious users to (1) obtain source code of scripts via a request with a trailing "." (dot) or (2) list directory contents via a trailing null character.
Xerver Xerver 4.17h
NA
CVE-2009-3544
Xerver HTTP Server 4.32 allows remote malicious users to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
Xerver Xerver 4.32
NA
CVE-2009-4086
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party in...
Javascript Xerver Http Server 4.31Javascript Xerver Http Server 4.32
NA
CVE-2009-4657
The administrator package for Xerver 4.32 does not require authentication, which allows remote malicious users to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.
Omidrouhani Xerver 4.32
NA
CVE-2009-4658
Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657.
Omidrouhani Xerver 4.32
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook