Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project server vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-16485
Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.
M-server Project M-server
NA
CVE-2008-1293
ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote malicious users to connect to this server via TCP port 6006 (aka display :6).
Ltsp Linux Terminal Server Project 0.99
Ltsp Linux Terminal Server Project 2
NA
CVE-2011-1911
JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks via a brute-force approach.
Jasperforge Jasperreports Server Community Project 3.7.0
Jasperforge Jasperreports Server Community Project 3.7.1
8.8
CVSSv3
CVE-2019-18213
XML Language Server (aka lsp4xml) prior to 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) prior to 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTL...
Xml Language Server Project Xml Server Project
Eclipse Wild Web Developer -
Theia Xml Extension Project Theia Xml Extension -
6.5
CVSSv3
CVE-2019-18212
XMLLanguageService.java in XML Language Server (aka lsp4xml) prior to 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) prior to 0.9.1 for Visual Studio and other products, allows a remote malicious user to write to arbitrary files via Directory Traversal.
Xml Language Server Project Xml Server Project
Eclipse Wild Web Developer -
Theia Xml Extension Project Theia Xml Extension -
7.5
CVSSv3
CVE-2017-16147
shit-server is a file server. shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Shit-server Project Shit-server 1.0.0
7.5
CVSSv3
CVE-2017-16165
calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Calmquist.static-server Project Calmquist.static-server 0.1.1
7.5
CVSSv3
CVE-2019-15600
A Path traversal exists in http_server which allows an malicious user to read arbitrary system files.
Http Server Project Http Server 1.0.12
9.8
CVSSv3
CVE-2021-33948
SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows malicious user to execute arbitrary code via the username parameter.
Hotels Server Project Hotels Server 1.0
6.1
CVSSv3
CVE-2020-18102
Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote malicious users to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php".
Hotels Server Project Hotels Server 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »