Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project server vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-16485
Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.
M-server Project M-server
9.8
CVSSv3
CVE-2019-8393
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
Hotels Server Project Hotels Server
7.5
CVSSv3
CVE-2019-7648
controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage.
Hotels Server Project Hotels Server
7.5
CVSSv3
CVE-2022-40016
Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows malicious users to cause a denial of service.
Media-server Project Media-server
9.8
CVSSv3
CVE-2022-31013
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code i...
Chat Server Project Chat Server
9.8
CVSSv3
CVE-2015-10086
A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is usi...
Server-php Project Server-php
7.5
CVSSv3
CVE-2014-10066
Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.
Fancy-server Project Fancy-server
7.5
CVSSv3
CVE-2022-25940
All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
Lite-server Project Lite-server -
9.8
CVSSv3
CVE-2019-6497
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
Hotels Server Project Hotels Server
6.1
CVSSv3
CVE-2022-29589
Crypt Server prior to 3.3.0 allows XSS in the index view. This is related to serial, computername, and username.
Crypt-server Project Crypt-server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »