Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
war vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1036
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote malicious users to bypass authentication and gain administrative access via direct requests.
Jboss Jboss Application Server
2 EDB exploits
NA
CVE-2009-2902
Directory traversal vulnerability in Apache Tomcat 5.5.0 up to and including 5.5.28 and 6.0.0 up to and including 6.0.20 allows remote malicious users to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 6.0.15
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
9.8
CVSSv3
CVE-2015-9246
An issue exists in Skybox Platform prior to 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty...
Skyboxsecurity Skybox Platform
NA
CVE-2010-5323
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 prior to 10.3 allows remote malicious users to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction wit...
Novell Zenworks Configuration Management 10.2
Novell Zenworks Configuration Management 10.1
Novell Zenworks Configuration Management 10.0
1 EDB exploit
6.1
CVSSv3
CVE-2019-0186
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file
Apache Pluto 3.0.0
Apache Pluto 3.0.1
NA
CVE-2010-5324
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 prior to 10.3 allows remote malicious users to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the ...
Novell Zenworks Configuration Management 10.2
Novell Zenworks Configuration Management 10.1
Novell Zenworks Configuration Management 10.0
1 EDB exploit
NA
CVE-1999-1003
War FTP Daemon 1.70 allows remote malicious users to cause a denial of service by flooding it with connections.
Jgaa Warftpd 1.70
NA
CVE-2000-0044
Macros in War FTP 1.70 and 1.67b2 allow local or remote malicious users to read arbitrary files or execute commands.
Jgaa Warftpd
Jgaa Warftpd 1.70b
4.9
CVSSv3
CVE-2023-47321
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets.
Silverpeas Silverpeas
NA
CVE-2000-0131
Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.
Jgaa Warftpd 1.66x4s
Jgaa Warftpd 1.67.3
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »