Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project server vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2018-16485
Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.
M-server Project M-server
4.8
CVSSv2
CVE-2008-1293
ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote malicious users to connect to this server via TCP port 6006 (aka display :6).
Ltsp Linux Terminal Server Project 0.99
Ltsp Linux Terminal Server Project 2
6.8
CVSSv2
CVE-2011-1911
JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks via a brute-force approach.
Jasperforge Jasperreports Server Community Project 3.7.0
Jasperforge Jasperreports Server Community Project 3.7.1
4
CVSSv2
CVE-2019-18212
XMLLanguageService.java in XML Language Server (aka lsp4xml) prior to 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) prior to 0.9.1 for Visual Studio and other products, allows a remote malicious user to write to arbitrary files via Directory Traversal.
Xml Language Server Project Xml Server Project
Eclipse Wild Web Developer -
Theia Xml Extension Project Theia Xml Extension -
6.5
CVSSv2
CVE-2019-18213
XML Language Server (aka lsp4xml) prior to 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) prior to 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTL...
Xml Language Server Project Xml Server Project
Eclipse Wild Web Developer -
Theia Xml Extension Project Theia Xml Extension -
NA
CVE-2011-10005
A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the pu...
Easyftp Server Project Easyftp Server 1.7.0.2
4.3
CVSSv2
CVE-2020-18102
Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote malicious users to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php".
Hotels Server Project Hotels Server 1.0
NA
CVE-2021-33948
SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows malicious user to execute arbitrary code via the username parameter.
Hotels Server Project Hotels Server 1.0
5
CVSSv2
CVE-2017-16147
shit-server is a file server. shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Shit-server Project Shit-server 1.0.0
5
CVSSv2
CVE-2017-16165
calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Calmquist.static-server Project Calmquist.static-server 0.1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »