CVE-2009-4657

Xerver 4.32 - Auth Bypass

Title source: llm

Description

The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Dr_IDE · text · dos · windows
https://www.exploit-db.com/exploits/9717

Scores

EPSS 0.0141
EPSS Percentile 80.3%

Classification

CWE
CWE-287
Status draft

Affected Products (1)

omidrouhani/xerver

Timeline

Published Mar 03, 2010
Tracked Since Feb 18, 2026