Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project server vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-16485
Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.
M-server Project M-server
NA
CVE-2008-1293
ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote malicious users to connect to this server via TCP port 6006 (aka display :6).
Ltsp Linux Terminal Server Project 0.99
Ltsp Linux Terminal Server Project 2
NA
CVE-2011-1911
JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks via a brute-force approach.
Jasperforge Jasperreports Server Community Project 3.7.0
Jasperforge Jasperreports Server Community Project 3.7.1
6.5
CVSSv3
CVE-2019-18212
XMLLanguageService.java in XML Language Server (aka lsp4xml) prior to 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) prior to 0.9.1 for Visual Studio and other products, allows a remote malicious user to write to arbitrary files via Directory Traversal.
Xml Language Server Project Xml Server Project
Eclipse Wild Web Developer -
Theia Xml Extension Project Theia Xml Extension -
8.8
CVSSv3
CVE-2019-18213
XML Language Server (aka lsp4xml) prior to 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) prior to 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTL...
Xml Language Server Project Xml Server Project
Eclipse Wild Web Developer -
Theia Xml Extension Project Theia Xml Extension -
8.8
CVSSv3
CVE-2011-10005
A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the pu...
Easyftp Server Project Easyftp Server 1.7.0.2
7.5
CVSSv3
CVE-2017-16147
shit-server is a file server. shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Shit-server Project Shit-server 1.0.0
9.8
CVSSv3
CVE-2021-33948
SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows malicious user to execute arbitrary code via the username parameter.
Hotels Server Project Hotels Server 1.0
7.5
CVSSv3
CVE-2017-16165
calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Calmquist.static-server Project Calmquist.static-server 0.1.1
7.5
CVSSv3
CVE-2017-16183
iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Iter-server Project Iter-server 1.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »