Lucene search
K
PaperthinCommonspot Content Server

19 matches found

CVE
CVE
added 2005/12/29 11:0 a.m.58 views

CVE-2005-4574

CVE-2005-4574 is an XSS vulnerability in PaperThin CommonSpot Content Server 4.5 and earlier, triggered by the bNewWindow parameter in loader.cfm. Exploitation would allow remote attackers to inject arbitrary web script/HTML. Public references (NVD entry and related advisories) corroborate the is...

4.3CVSS6.7AI score0.01738EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.55 views

CVE-2014-2873

CVE-2014-2873 affects PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3, where log files are accessible without authentication. The root cause is missing authentication for access to log files, enabling remote attackers to obtain sensitive server information by requesting files with a pr...

5CVSS6.6AI score0.02088EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.55 views

CVE-2014-2874

CVE-2014-2874 affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. The vulnerability allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context, i.e., a remote code execution flaw on the server. Root cause details are not elaborated in the prov...

10CVSS8AI score0.05079EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.53 views

CVE-2014-2868

CVE-2014-2868 affects PaperThin CommonSpot (before 7.0.2 and 8.x before 8.0.3). The issue allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable, as described in the CVE entries and Red Hat advisory references. Connecte...

7.5CVSS7.2AI score0.03349EPSS
CVE
CVE
added 2005/12/29 11:0 a.m.52 views

CVE-2005-4575

PaperThin CommonSpot Content Server 4.5 and earlier is affected. An attacker can trigger an error by passing an invalid errmsg parameter to loader.cfm with the url parameter set to email-login-info.cfm, causing the full filesystem pathname to be exposed in the error message. The vulnerability lea...

5CVSS6.6AI score0.01425EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.52 views

CVE-2014-2864

CVE-2014-2864 affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. The vulnerability is a directory traversal via a filename parameter, allowing remote attackers to cause an unspecified impact. Documents consistently describe the issue but do not provide concrete exploitation details, ...

10CVSS7.1AI score0.05099EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.52 views

CVE-2014-2869

The provided data confirms CVE-2014-2869 affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3, where remote attackers can disclose sensitive information by requesting unspecified URIs. Impact details stated include exposure of pathname, SQL server information, e-mail addresses, and IP a...

5CVSS7AI score0.01973EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.52 views

CVE-2014-2870

The CVE-2014-2870 entry affects PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. Root cause: default configuration stores credentials in cleartext in the application database, enabling context-dependent attackers to obtain sensitive information. No explicit exploit vectors, affected versio...

5CVSS6.1AI score0.01472EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.51 views

CVE-2014-2871

Affected software: PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3. Vulnerability: login pages rely on an HTTP session, allowing remote attackers to sniff credentials and obtain sensitive information. No remediation details are provided in the connected documents. If present, apply patches...

5CVSS6.5AI score0.01957EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.50 views

CVE-2014-2859

CommonSpot (PaperThin) before 7.0.2 and 8.x before 8.0.3 is affected by CVE-2014-2859, which allows remote attackers to bypass intended access restrictions via a direct request. The connected sources confirm the affected versions and the access-bypass nature, but do not provide exploit code, conc...

7.5CVSS6.9AI score0.02427EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.50 views

CVE-2014-2867

CVE-2014-2867 concerns PaperThin CommonSpot where an unrestricted file upload vulnerability could allow remote code execution by uploading a ColdFusion page. Affected versions are before 7.0.2 and 8.x before 8.0.3 ; vectors are not specified in the provided materials. The connected documents do n...

10CVSS8AI score0.04941EPSS
CVE
CVE
added 2010/02/02 5:0 p.m.47 views

CVE-2010-0468

CVE-2010-0468 is a cross-site scripting (XSS) vulnerability in PaperThin CommonSpot Content Server, specifically in utilities/longproc.cfm, allowing remote attackers to inject arbitrary web script or HTML via the url parameter. The NVD entry describes the exposure but does not provide a documente...

4.3CVSS5.9AI score0.01511EPSS
Web
CVE
CVE
added 2014/04/15 11:0 p.m.47 views

CVE-2014-2865

CVE-2014-2865 affects PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3. The vulnerability allows remote attackers to bypass intended access restrictions by using a NULL byte ('\0') in a pathname on the drive that contains the web root for a ColdFusion installation. The available documen...

7.5CVSS6.9AI score0.02427EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.47 views

CVE-2014-2866

CommonSpot (PaperThin) before 7.0.2 and 8.x before 8.0.3 is vulnerable because access restrictions rely on client-side JavaScript, which can be bypassed by an attacker who can modify that code to perform operations that should be restricted. The Red Hat security entry documents the same descripti...

10CVSS7.1AI score0.0344EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.46 views

CVE-2014-2863

CVE-2014-2863 describes multiple absolute path traversal vulnerabilities in PaperThin CommonSpot reported for versions before 7.0.2 and 8.x before 8.0.3. The flaw allows remote attackers to cause an unspecified impact by supplying a full pathname in a parameter. The connected documents corroborat...

10CVSS7.1AI score0.04165EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.44 views

CVE-2014-2861

PaperThin CommonSpot is affected: versions prior to 7.0.2 and 8.x prior to 8.0.3 suffer an incomplete blacklist vulnerability that enables remote XSS via a crafted string. The issue is demonstrated by bypassing a protection that removes only the word "alert". Connected sources confirm the affecte...

4.3CVSS5.8AI score0.02156EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.43 views

CVE-2014-2862

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 contains improper authorization checks, allowing remote authenticated users to perform actions via unknown vectors. Affected software: CommonSpot. Root cause: missing/insufficient authorization in unspecified requests. Impact: unauthorized ac...

6.5CVSS6.5AI score0.01775EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.43 views

CVE-2014-2872

CVE-2014-2872 concerns PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3. The vulnerability allows remote attackers to obtain potentially sensitive information through directory listing, via unspecified vectors. Impact is information disclosure; exploitation details, affected components,...

5CVSS6.4AI score0.01957EPSS
CVE
CVE
added 2014/04/15 11:0 p.m.40 views

CVE-2014-2860

CVE-2014-2860 affects PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3. The vulnerability is a cross-site scripting (XSS) flaw that can be triggered via a crafted HTTP request to either a ColdFusion or JavaScript component, allowing remote attackers to inject arbitrary web script or HTM...

4.3CVSS5.8AI score0.02027EPSS