116 matches found
CVE-2014-2862
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors...
CVE-2014-2859
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request...
CVE-2014-2867
Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors...
CVE-2014-2864
CVE-2014-2864 affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. The vulnerability is a directory traversal via a filename parameter, allowing remote attackers to cause an unspecified impact. Documents consistently describe the issue but do not provide concrete exploitation details, ...
CVE-2014-2870
The CVE-2014-2870 entry affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. Root cause: default configuration stores credentials in cleartext in the application database, enabling context-dependent attackers to obtain sensitive information. No explicit exploit vectors, affected versio...
CVE-2014-2867
CVE-2014-2867 concerns PaperThin CommonSpot where an unrestricted file upload vulnerability could allow remote code execution by uploading a ColdFusion page. Affected versions are before 7.0.2 and 8.x before 8.0.3 ; vectors are not specified in the provided materials. The connected documents do n...
CVE-2014-2863
CVE-2014-2863 describes multiple absolute path traversal vulnerabilities in PaperThin CommonSpot reported for versions before 7.0.2 and 8.x before 8.0.3. The flaw allows remote attackers to cause an unspecified impact by supplying a full pathname in a parameter. The connected documents corroborat...
CVE-2014-2873
CVE-2014-2873 affects PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3, where log files are accessible without authentication. The root cause is missing authentication for access to log files, enabling remote attackers to obtain sensitive server information by requesting files with a pr...
CVE-2014-2873
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file...
CVE-2014-2871
Affected software: PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. Vulnerability: login pages rely on an HTTP session, allowing remote attackers to sniff credentials and obtain sensitive information. No remediation details are provided in the connected documents. If present, apply patches...
CVE-2014-2863
Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter...
CVE-2014-2874
CVE-2014-2874 affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. The vulnerability allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context, i.e., a remote code execution flaw on the server. Root cause details are not elaborated in the prov...
CVE-2014-2861
Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting XSS attacks via a crafted string, as demonstrated by bypassing a protection mechanism that removes only the "alert" string...
CVE-2014-2860
Multiple cross-site scripting XSS vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request to a 1 ColdFusion or 2 JavaScript component...
CVE-2014-2870
The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 uses cleartext for storage of credentials in a database, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified vectors...
CVE-2014-2865
CVE-2014-2865 affects PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3. The vulnerability allows remote attackers to bypass intended access restrictions by using a NULL byte ('\0') in a pathname on the drive that contains the web root for a ColdFusion installation. The available documen...
CVE-2014-2872
CVE-2014-2872 concerns PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3. The vulnerability allows remote attackers to obtain potentially sensitive information through directory listing, via unspecified vectors. Impact is information disclosure; exploitation details, affected components,...
CVE-2014-2865
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname on the drive containing the web root directory of a ColdFusion installation...
CVE-2014-2872
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors...
CVE-2014-2861
PaperThin CommonSpot is affected: versions prior to 7.0.2 and 8.x prior to 8.0.3 suffer an incomplete blacklist vulnerability that enables remote XSS via a crafted string. The issue is demonstrated by bypassing a protection that removes only the word "alert". Connected sources confirm the affecte...