Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project server vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2017-18924
oauth2-server (aka node-oauth2-server) up to and including 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of &qu...
Oauth2-server Project Oauth2-server
668
VMScore
CVE-2022-31013
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code i...
Chat Server Project Chat Server
570
VMScore
CVE-2022-31530
The csm-aut/csm repository up to and including 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Csm Server Project Csm Server
570
VMScore
CVE-2022-31558
The tooxie/shiva-server repository up to and including 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Shiva-server Project Shiva-server
668
VMScore
CVE-2019-8393
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
Hotels Server Project Hotels Server
383
VMScore
CVE-2022-29589
Crypt Server prior to 3.3.0 allows XSS in the index view. This is related to serial, computername, and username.
Crypt-server Project Crypt-server
445
VMScore
CVE-2019-7648
controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage.
Hotels Server Project Hotels Server
312
VMScore
CVE-2018-16484
A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.
M-server Project M-server
445
VMScore
CVE-2017-16038
`f2e-server` 1.12.11 and previous versions is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring elevated privileges to run.
F2e-server Project F2e-server
445
VMScore
CVE-2017-16090
fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Fsk-server Project Fsk-server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »