Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xerver xerver vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-0447
Directory traversal vulnerability in Xerver Free Web Server 2.10 and previous versions allows remote malicious users to list arbitrary directories via a .. (dot dot) in an HTTP GET request.
Xerver Xerver
NA
CVE-2002-0448
Xerver Free Web Server 2.10 and previous versions allows remote malicious users to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences.
Xerver Xerver
1 EDB exploit
1 Github repository
NA
CVE-2005-4774
Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote malicious users to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI.
Xerver Xerver 4.17
1 EDB exploit
NA
CVE-2009-3561
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote malicious users to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.
Xerver Xerver 4.32
1 EDB exploit
NA
CVE-2009-3562
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote malicious users to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
Xerver Xerver 4.32
1 EDB exploit
NA
CVE-2005-3293
Xerver 4.17 allows remote malicious users to (1) obtain source code of scripts via a request with a trailing "." (dot) or (2) list directory contents via a trailing null character.
Xerver Xerver 4.17h
2 EDB exploits
NA
CVE-2009-3544
Xerver HTTP Server 4.32 allows remote malicious users to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
Xerver Xerver 4.32
1 EDB exploit
NA
CVE-2009-4086
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party in...
Javascript Xerver Http Server 4.31
Javascript Xerver Http Server 4.32
1 EDB exploit
NA
CVE-2009-4657
The administrator package for Xerver 4.32 does not require authentication, which allows remote malicious users to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.
Omidrouhani Xerver 4.32
1 EDB exploit
NA
CVE-2009-4658
Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657.
Omidrouhani Xerver 4.32
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started