Lucene search
K

116 matches found

Cvelist
Cvelist
added 2014/04/15 11:0 p.m.21 views

CVE-2014-2862

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors...

6.3AI score0.01775EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/04/15 11:0 p.m.17 views

CVE-2014-2859

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request...

6.7AI score0.02427EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/04/15 11:0 p.m.18 views

CVE-2014-2867

Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors...

7.8AI score0.04941EPSS
Exploits0References1
CVE
CVE
added 2014/04/15 11:0 p.m.52 views

CVE-2014-2864

CVE-2014-2864 affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. The vulnerability is a directory traversal via a filename parameter, allowing remote attackers to cause an unspecified impact. Documents consistently describe the issue but do not provide concrete exploitation details, ...

10CVSS7.1AI score0.05099EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2014/04/15 11:0 p.m.52 views

CVE-2014-2870

The CVE-2014-2870 entry affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. Root cause: default configuration stores credentials in cleartext in the application database, enabling context-dependent attackers to obtain sensitive information. No explicit exploit vectors, affected versio...

5CVSS6.1AI score0.01472EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2014/04/15 11:0 p.m.50 views

CVE-2014-2867

CVE-2014-2867 concerns PaperThin CommonSpot where an unrestricted file upload vulnerability could allow remote code execution by uploading a ColdFusion page. Affected versions are before 7.0.2 and 8.x before 8.0.3 ; vectors are not specified in the provided materials. The connected documents do n...

10CVSS8AI score0.04941EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2014/04/15 11:0 p.m.46 views

CVE-2014-2863

CVE-2014-2863 describes multiple absolute path traversal vulnerabilities in PaperThin CommonSpot reported for versions before 7.0.2 and 8.x before 8.0.3. The flaw allows remote attackers to cause an unspecified impact by supplying a full pathname in a parameter. The connected documents corroborat...

10CVSS7.1AI score0.04165EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2014/04/15 11:0 p.m.55 views

CVE-2014-2873

CVE-2014-2873 affects PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3, where log files are accessible without authentication. The root cause is missing authentication for access to log files, enabling remote attackers to obtain sensitive server information by requesting files with a pr...

5CVSS6.6AI score0.02088EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2014/04/15 11:0 p.m.21 views

CVE-2014-2873

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file...

6.4AI score0.02088EPSS
Exploits0References1
CVE
CVE
added 2014/04/15 11:0 p.m.51 views

CVE-2014-2871

Affected software: PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. Vulnerability: login pages rely on an HTTP session, allowing remote attackers to sniff credentials and obtain sensitive information. No remediation details are provided in the connected documents. If present, apply patches...

5CVSS6.5AI score0.01957EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2014/04/15 11:0 p.m.23 views

CVE-2014-2863

Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter...

7AI score0.04165EPSS
Exploits0References1
CVE
CVE
added 2014/04/15 11:0 p.m.55 views

CVE-2014-2874

CVE-2014-2874 affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. The vulnerability allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context, i.e., a remote code execution flaw on the server. Root cause details are not elaborated in the prov...

10CVSS8AI score0.05079EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2014/04/15 11:0 p.m.20 views

CVE-2014-2861

Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting XSS attacks via a crafted string, as demonstrated by bypassing a protection mechanism that removes only the "alert" string...

5.7AI score0.02156EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/04/15 11:0 p.m.15 views

CVE-2014-2860

Multiple cross-site scripting XSS vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request to a 1 ColdFusion or 2 JavaScript component...

5.7AI score0.02027EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/04/15 11:0 p.m.19 views

CVE-2014-2870

The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 uses cleartext for storage of credentials in a database, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified vectors...

6AI score0.01472EPSS
Exploits0References1
CVE
CVE
added 2014/04/15 11:0 p.m.46 views

CVE-2014-2865

CVE-2014-2865 affects PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3. The vulnerability allows remote attackers to bypass intended access restrictions by using a NULL byte ('\0') in a pathname on the drive that contains the web root for a ColdFusion installation. The available documen...

7.5CVSS6.9AI score0.02427EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2014/04/15 11:0 p.m.43 views

CVE-2014-2872

CVE-2014-2872 concerns PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3. The vulnerability allows remote attackers to obtain potentially sensitive information through directory listing, via unspecified vectors. Impact is information disclosure; exploitation details, affected components,...

5CVSS6.4AI score0.01957EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2014/04/15 11:0 p.m.25 views

CVE-2014-2865

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname on the drive containing the web root directory of a ColdFusion installation...

6.7AI score0.02427EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/04/15 11:0 p.m.23 views

CVE-2014-2872

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors...

6.3AI score0.01957EPSS
Exploits0References1
CVE
CVE
added 2014/04/15 11:0 p.m.44 views

CVE-2014-2861

PaperThin CommonSpot is affected: versions prior to 7.0.2 and 8.x prior to 8.0.3 suffer an incomplete blacklist vulnerability that enables remote XSS via a crafted string. The issue is demonstrated by bypassing a protection that removes only the word "alert". Connected sources confirm the affecte...

4.3CVSS5.8AI score0.02156EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder