|
290511
|
- |
|
paperthin
|
commonspot_content_server
|
Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing i…
|
NVD-CWE-Other
|
CVE-2014-2867
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290512
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code.
|
CWE-94
Code Injection
|
CVE-2014-2866
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290513
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2865
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290514
|
- |
|
paperthin
|
commonspot_content_server
|
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directo…
|
CWE-22
Path Traversal
|
CVE-2014-2864
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290515
|
- |
|
paperthin
|
commonspot_content_server
|
Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter.
|
CWE-22
Path Traversal
|
CVE-2014-2863
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290516
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2862
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290517
|
- |
|
paperthin
|
commonspot_content_server
|
Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrate…
|
NVD-CWE-Other
|
CVE-2014-2861
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290518
|
- |
|
paperthin
|
commonspot_content_server
|
Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request …
|
CWE-79
Cross-site Scripting
|
CVE-2014-2860
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290519
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2859
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290520
|
- |
|
juniper
|
screenos
|
Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.
|
CWE-399
Resource Management Errors
|
CVE-2014-2842
|
2024-11-21 11:07 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
