Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project server vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-3771
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
Statics-server Project Statics-server
NA
CVE-2011-1911
JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks via a brute-force approach.
Jasperforge Jasperreports Server Community Project 3.7.0
Jasperforge Jasperreports Server Community Project 3.7.1
NA
CVE-2008-1293
ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote malicious users to connect to this server via TCP port 6006 (aka display :6).
Ltsp Linux Terminal Server Project 0.99
Ltsp Linux Terminal Server Project 2
6.5
CVSSv3
CVE-2019-18212
XMLLanguageService.java in XML Language Server (aka lsp4xml) prior to 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) prior to 0.9.1 for Visual Studio and other products, allows a remote malicious user to write to arbitrary files via Directory Traversal.
Xml Language Server Project Xml Server Project
Eclipse Wild Web Developer -
Theia Xml Extension Project Theia Xml Extension -
8.8
CVSSv3
CVE-2019-18213
XML Language Server (aka lsp4xml) prior to 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) prior to 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTL...
Xml Language Server Project Xml Server Project
Eclipse Wild Web Developer -
Theia Xml Extension Project Theia Xml Extension -
6.1
CVSSv3
CVE-2020-18102
Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote malicious users to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php".
Hotels Server Project Hotels Server 1.0
7.5
CVSSv3
CVE-2017-16147
shit-server is a file server. shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Shit-server Project Shit-server 1.0.0
7.5
CVSSv3
CVE-2017-16183
iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Iter-server Project Iter-server 1.0.0
7.5
CVSSv3
CVE-2017-16165
calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Calmquist.static-server Project Calmquist.static-server 0.1.1
7.5
CVSSv3
CVE-2019-15600
A Path traversal exists in http_server which allows an malicious user to read arbitrary system files.
Http Server Project Http Server 1.0.12
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »