Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
war vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1036
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote malicious users to bypass authentication and gain administrative access via direct requests.
Jboss Jboss Application Server
2 EDB exploits
9.8
CVSSv3
CVE-2015-9246
An issue exists in Skybox Platform prior to 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty...
Skyboxsecurity Skybox Platform
NA
CVE-2009-2902
Directory traversal vulnerability in Apache Tomcat 5.5.0 up to and including 5.5.28 and 6.0.0 up to and including 6.0.20 allows remote malicious users to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 6.0.15
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
NA
CVE-2010-5323
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 prior to 10.3 allows remote malicious users to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction wit...
Novell Zenworks Configuration Management 10.0
Novell Zenworks Configuration Management 10.1
Novell Zenworks Configuration Management 10.2
1 EDB exploit
6.1
CVSSv3
CVE-2019-0186
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file
Apache Pluto 3.0.0
Apache Pluto 3.0.1
NA
CVE-2010-5324
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 prior to 10.3 allows remote malicious users to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the ...
Novell Zenworks Configuration Management 10.0
Novell Zenworks Configuration Management 10.2
Novell Zenworks Configuration Management 10.1
1 EDB exploit
NA
CVE-1999-1003
War FTP Daemon 1.70 allows remote malicious users to cause a denial of service by flooding it with connections.
Jgaa Warftpd 1.70
NA
CVE-2000-0044
Macros in War FTP 1.70 and 1.67b2 allow local or remote malicious users to read arbitrary files or execute commands.
Jgaa Warftpd 1.70b
Jgaa Warftpd
NA
CVE-2000-0131
Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.
Jgaa Warftpd 1.66x4s
Jgaa Warftpd 1.67.3
1 EDB exploit
1 Github repository
4.9
CVSSv3
CVE-2023-47321
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets.
Silverpeas Silverpeas
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »