Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xerver xerver 4.32 vulnerabilities and exploits
(subscribe to this query)
505
VMScore
CVE-2009-3544
Xerver HTTP Server 4.32 allows remote malicious users to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
Xerver Xerver 4.32
1 EDB exploit
505
VMScore
CVE-2009-3561
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote malicious users to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.
Xerver Xerver 4.32
1 EDB exploit
265
VMScore
CVE-2009-3562
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote malicious users to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
Xerver Xerver 4.32
1 EDB exploit
505
VMScore
CVE-2009-4086
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party in...
Javascript Xerver Http Server 4.31
Javascript Xerver Http Server 4.32
1 EDB exploit
755
VMScore
CVE-2009-4657
The administrator package for Xerver 4.32 does not require authentication, which allows remote malicious users to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.
Omidrouhani Xerver 4.32
1 EDB exploit
405
VMScore
CVE-2009-4658
Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657.
Omidrouhani Xerver 4.32
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started