Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xerver xerver 4.32 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-3544
Xerver HTTP Server 4.32 allows remote malicious users to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
Xerver Xerver 4.32
1 EDB exploit
NA
CVE-2009-3561
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote malicious users to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.
Xerver Xerver 4.32
1 EDB exploit
NA
CVE-2009-3562
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote malicious users to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
Xerver Xerver 4.32
1 EDB exploit
NA
CVE-2009-4086
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party in...
Javascript Xerver Http Server 4.31
Javascript Xerver Http Server 4.32
1 EDB exploit
NA
CVE-2009-4657
The administrator package for Xerver 4.32 does not require authentication, which allows remote malicious users to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.
Omidrouhani Xerver 4.32
1 EDB exploit
NA
CVE-2009-4658
Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657.
Omidrouhani Xerver 4.32
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started