Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paperthin commonspot content server - vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2005-4575
PaperThin CommonSpot Content Server 4.5 and previous versions allow remote malicious users to obtain sensitive information via an invalid errmsg parameter to loader.cfm with a url parameter set to email-login-info.cfm, which leaks the full pathname in the resulting error message.
Paperthin Commonspot Content Server 3.2
Paperthin Commonspot Content Server 4.0
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 2.5
Paperthin Commonspot Content Server 3.0
435
VMScore
CVE-2005-4574
Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the bNewWindow parameter.
Paperthin Commonspot Content Server 2.5
Paperthin Commonspot Content Server 3.0
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 3.2
Paperthin Commonspot Content Server 4.0
1 EDB exploit
668
VMScore
CVE-2014-2859
PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 allows remote malicious users to bypass intended access restrictions via a direct request.
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.1
Paperthin Commonspot Content Server 8.0.0
Paperthin Commonspot Content Server
578
VMScore
CVE-2014-2862
PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors.
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 8.0.1
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.0
890
VMScore
CVE-2014-2863
Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 allow remote malicious users to have an unspecified impact via a full pathname in a parameter.
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.1
Paperthin Commonspot Content Server 8.0.0
890
VMScore
CVE-2014-2866
PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 relies on client JavaScript code for access restrictions, which allows remote malicious users to perform unspecified operations by modifying this code.
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.1
Paperthin Commonspot Content Server 8.0.0
890
VMScore
CVE-2014-2867
Unrestricted file upload vulnerability in PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 allows remote malicious users to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors.
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.1
Paperthin Commonspot Content Server 8.0.0
Paperthin Commonspot Content Server
668
VMScore
CVE-2014-2868
PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 allows remote malicious users to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable.
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.1
Paperthin Commonspot Content Server 8.0.0
445
VMScore
CVE-2014-2869
PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 allows remote malicious users to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information.
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.1
Paperthin Commonspot Content Server 8.0.0
Paperthin Commonspot Content Server
445
VMScore
CVE-2014-2870
The default configuration of PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 uses cleartext for storage of credentials in a database, which makes it easier for context-dependent malicious users to obtain sensitive information via unspecified vectors.
Paperthin Commonspot Content Server 8.0.0
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »