|
279791
|
- |
|
gopivotal
|
grails-resources
grails
|
Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors rel…
|
CWE-22
Path Traversal
|
CVE-2014-2858
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279792
|
- |
|
gopivotal
|
grails-resources
grails
|
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2857
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279793
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context.
|
CWE-78
OS Command
|
CVE-2014-2874
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279794
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predict…
|
CWE-200
Information Exposure
|
CVE-2014-2873
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279795
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2014-2872
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279796
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the…
|
CWE-200
Information Exposure
|
CVE-2014-2871
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279797
|
- |
|
paperthin
|
commonspot_content_server
|
The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 uses cleartext for storage of credentials in a database, which makes it easier for context-dependent attackers to o…
|
CWE-255
Credentials Management
|
CVE-2014-2870
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279798
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail addres…
|
CWE-200
Information Exposure
|
CVE-2014-2869
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279799
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable.
|
NVD-CWE-Other
|
CVE-2014-2868
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279800
|
- |
|
paperthin
|
commonspot_content_server
|
Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing i…
|
NVD-CWE-Other
|
CVE-2014-2867
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
