Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xerver xerver vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2002-0447
Directory traversal vulnerability in Xerver Free Web Server 2.10 and previous versions allows remote malicious users to list arbitrary directories via a .. (dot dot) in an HTTP GET request.
Xerver Xerver
5
CVSSv2
CVE-2002-0448
Xerver Free Web Server 2.10 and previous versions allows remote malicious users to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences.
Xerver Xerver
1 EDB exploit
1 Github repository
5
CVSSv2
CVE-2009-3544
Xerver HTTP Server 4.32 allows remote malicious users to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
Xerver Xerver 4.32
1 EDB exploit
5
CVSSv2
CVE-2005-3293
Xerver 4.17 allows remote malicious users to (1) obtain source code of scripts via a request with a trailing "." (dot) or (2) list directory contents via a trailing null character.
Xerver Xerver 4.17h
2 EDB exploits
5
CVSSv2
CVE-2009-3561
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote malicious users to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.
Xerver Xerver 4.32
1 EDB exploit
2.6
CVSSv2
CVE-2009-3562
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote malicious users to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
Xerver Xerver 4.32
1 EDB exploit
4.3
CVSSv2
CVE-2005-4774
Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote malicious users to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI.
Xerver Xerver 4.17
1 EDB exploit
5
CVSSv2
CVE-2009-4086
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party in...
Javascript Xerver Http Server 4.31
Javascript Xerver Http Server 4.32
1 EDB exploit
7.5
CVSSv2
CVE-2009-4657
The administrator package for Xerver 4.32 does not require authentication, which allows remote malicious users to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.
Omidrouhani Xerver 4.32
1 EDB exploit
4
CVSSv2
CVE-2009-4658
Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657.
Omidrouhani Xerver 4.32
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started