19 matches found
CVE-2005-4574
CVE-2005-4574 is an XSS vulnerability in PaperThin CommonSpot Content Server 4.5 and earlier, triggered by the bNewWindow parameter in loader.cfm. Exploitation would allow remote attackers to inject arbitrary web script/HTML. Public references (NVD entry and related advisories) corroborate the is...
CVE-2014-2873
CVE-2014-2873 affects PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3, where log files are accessible without authentication. The root cause is missing authentication for access to log files, enabling remote attackers to obtain sensitive server information by requesting files with a pr...
CVE-2014-2874
CVE-2014-2874 affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. The vulnerability allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context, i.e., a remote code execution flaw on the server. Root cause details are not elaborated in the prov...
CVE-2014-2868
CVE-2014-2868 affects PaperThin CommonSpot (before 7.0.2 and 8.x before 8.0.3). The issue allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable, as described in the CVE entries and Red Hat advisory references. Connecte...
CVE-2005-4575
PaperThin CommonSpot Content Server 4.5 and earlier is affected. An attacker can trigger an error by passing an invalid errmsg parameter to loader.cfm with the url parameter set to email-login-info.cfm, causing the full filesystem pathname to be exposed in the error message. The vulnerability lea...
CVE-2014-2864
CVE-2014-2864 affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. The vulnerability is a directory traversal via a filename parameter, allowing remote attackers to cause an unspecified impact. Documents consistently describe the issue but do not provide concrete exploitation details, ...
CVE-2014-2869
The provided data confirms CVE-2014-2869 affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3, where remote attackers can disclose sensitive information by requesting unspecified URIs. Impact details stated include exposure of pathname, SQL server information, e-mail addresses, and IP a...
CVE-2014-2870
The CVE-2014-2870 entry affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. Root cause: default configuration stores credentials in cleartext in the application database, enabling context-dependent attackers to obtain sensitive information. No explicit exploit vectors, affected versio...
CVE-2014-2871
Affected software: PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. Vulnerability: login pages rely on an HTTP session, allowing remote attackers to sniff credentials and obtain sensitive information. No remediation details are provided in the connected documents. If present, apply patches...
CVE-2014-2859
CommonSpot (PaperThin) before 7.0.2 and 8.x before 8.0.3 is affected by CVE-2014-2859, which allows remote attackers to bypass intended access restrictions via a direct request. The connected sources confirm the affected versions and the access-bypass nature, but do not provide exploit code, conc...
CVE-2014-2867
CVE-2014-2867 concerns PaperThin CommonSpot where an unrestricted file upload vulnerability could allow remote code execution by uploading a ColdFusion page. Affected versions are before 7.0.2 and 8.x before 8.0.3 ; vectors are not specified in the provided materials. The connected documents do n...
CVE-2010-0468
CVE-2010-0468 is a cross-site scripting (XSS) vulnerability in PaperThin CommonSpot Content Server, specifically in utilities/longproc.cfm, allowing remote attackers to inject arbitrary web script or HTML via the url parameter. The NVD entry describes the exposure but does not provide a documente...
CVE-2014-2865
CVE-2014-2865 affects PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3. The vulnerability allows remote attackers to bypass intended access restrictions by using a NULL byte ('\0') in a pathname on the drive that contains the web root for a ColdFusion installation. The available documen...
CVE-2014-2866
CommonSpot (PaperThin) before 7.0.2 and 8.x before 8.0.3 is vulnerable because access restrictions rely on client-side JavaScript, which can be bypassed by an attacker who can modify that code to perform operations that should be restricted. The Red Hat security entry documents the same descripti...
CVE-2014-2863
CVE-2014-2863 describes multiple absolute path traversal vulnerabilities in PaperThin CommonSpot reported for versions before 7.0.2 and 8.x before 8.0.3. The flaw allows remote attackers to cause an unspecified impact by supplying a full pathname in a parameter. The connected documents corroborat...
CVE-2014-2861
PaperThin CommonSpot is affected: versions prior to 7.0.2 and 8.x prior to 8.0.3 suffer an incomplete blacklist vulnerability that enables remote XSS via a crafted string. The issue is demonstrated by bypassing a protection that removes only the word "alert". Connected sources confirm the affecte...
CVE-2014-2862
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 contains improper authorization checks, allowing remote authenticated users to perform actions via unknown vectors. Affected software: CommonSpot. Root cause: missing/insufficient authorization in unspecified requests. Impact: unauthorized ac...
CVE-2014-2872
CVE-2014-2872 concerns PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3. The vulnerability allows remote attackers to obtain potentially sensitive information through directory listing, via unspecified vectors. Impact is information disclosure; exploitation details, affected components,...
CVE-2014-2860
CVE-2014-2860 affects PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3. The vulnerability is a cross-site scripting (XSS) flaw that can be triggered via a crafted HTTP request to either a ColdFusion or JavaScript component, allowing remote attackers to inject arbitrary web script or HTM...