4 matches found
Code injection
Xerver 4.32 allows remote authenticated users to cause a denial of service daemon crash via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657...
CVE-2009-4657
CVE-2009-4657 affects the Xerver 4.32 administrator package. The vulnerability allows remote attackers to alter application settings because authentication is not required when connecting to the application on port 32123, demonstrated by setting the action option to wizardStep1. The vulnerability...
CVE-2009-4657
The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1...
CVE-2009-4658
Xerver 4.32 allows remote authenticated users to cause a denial of service daemon crash via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657...