Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project server vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2018-16485
Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.
M-server Project M-server
NA
CVE-2022-40016
Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows malicious users to cause a denial of service.
Media-server Project Media-server
7.5
CVSSv2
CVE-2019-6497
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
Hotels Server Project Hotels Server
5
CVSSv2
CVE-2019-15596
A path traversal in statics-server exists in all version that allows an malicious user to perform a path traversal when a symlink is used within the working directory.
Statics-server Project Statics-server
6.8
CVSSv2
CVE-2020-15135
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Dou...
Save-server Project Save-server
5
CVSSv2
CVE-2019-7648
controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage.
Hotels Server Project Hotels Server
5
CVSSv2
CVE-2014-10066
Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.
Fancy-server Project Fancy-server
4.3
CVSSv2
CVE-2018-3771
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
Statics-server Project Statics-server
NA
CVE-2018-25087
A vulnerability classified as problematic was found in Arborator Server. This vulnerability affects the function start of the file project.cgi. The manipulation of the argument project leads to denial of service. Continious delivery with rolling releases is used by this product. ...
Arborator Server Project Arborator Server
NA
CVE-2022-25940
All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
Lite-server Project Lite-server -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »