Xerver
by Xerver
CVEs (9)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2005-3293 | 0.04 | — | 0.14 | Oct 23, 2005 | Xerver 4.17 allows remote attackers to (1) obtain source code of scripts via a request with a trailing "." (dot) or (2) list directory contents via a trailing null character. | ||
| CVE-2002-0448 | 0.04 | — | 0.08 | Jul 26, 2002 | Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences. | ||
| CVE-2009-4658 | 0.03 | — | 0.01 | Mar 3, 2010 | Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657. | ||
| CVE-2009-4657 | 0.03 | — | 0.01 | Mar 3, 2010 | The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1. | ||
| CVE-2009-3562 | 0.03 | — | 0.01 | Oct 5, 2009 | Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action. | ||
| CVE-2009-3561 | 0.03 | — | 0.01 | Oct 5, 2009 | Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action. | ||
| CVE-2009-3544 | 0.03 | — | 0.04 | Oct 5, 2009 | Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name. | ||
| CVE-2005-4774 | 0.03 | — | 0.01 | Dec 31, 2005 | Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI. | ||
| CVE-2002-0447 | 0.00 | — | 0.01 | Jul 26, 2002 | Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in an HTTP GET request. |
- CVE-2005-3293Oct 23, 2005risk 0.04cvss —epss 0.14
Xerver 4.17 allows remote attackers to (1) obtain source code of scripts via a request with a trailing "." (dot) or (2) list directory contents via a trailing null character.
- CVE-2002-0448Jul 26, 2002risk 0.04cvss —epss 0.08
Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences.
- CVE-2009-4658Mar 3, 2010risk 0.03cvss —epss 0.01
Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657.
- CVE-2009-4657Mar 3, 2010risk 0.03cvss —epss 0.01
The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.
- CVE-2009-3562Oct 5, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
- CVE-2009-3561Oct 5, 2009risk 0.03cvss —epss 0.01
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.
- CVE-2009-3544Oct 5, 2009risk 0.03cvss —epss 0.04
Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
- CVE-2005-4774Dec 31, 2005risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI.
- CVE-2002-0447Jul 26, 2002risk 0.00cvss —epss 0.01
Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in an HTTP GET request.