258431
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2865
|
2014-04-16 23:20 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258432
|
- |
|
paperthin
|
commonspot_content_server
|
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directo…
|
CWE-22
Path Traversal
|
CVE-2014-2864
|
2014-04-16 23:18 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258433
|
- |
|
paperthin
|
commonspot_content_server
|
Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter.
|
CWE-22
Path Traversal
|
CVE-2014-2863
|
2014-04-16 23:16 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258434
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2862
|
2014-04-16 23:14 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258435
|
- |
|
paperthin
|
commonspot_content_server
|
Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrate…
|
NVD-CWE-Other
|
CVE-2014-2861
|
2014-04-16 23:08 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258436
|
- |
|
paperthin
|
commonspot_content_server
|
Per: https://cwe.mitre.org/data/definitions/184.html "CWE-184: Incomplete Blacklist"
|
NVD-CWE-Other
|
CVE-2014-2861
|
2014-04-16 23:08 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258437
|
- |
|
emc
|
documentum_content_server
|
EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata fro…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0642
|
2014-04-16 23:03 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258438
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2859
|
2014-04-16 22:58 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258439
|
- |
|
paperthin
|
commonspot_content_server
|
Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request …
|
CWE-79
Cross-site Scripting
|
CVE-2014-2860
|
2014-04-16 22:58 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258440
|
- |
|
xen
|
xen
|
The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" e…
|
CWE-399
Resource Management Errors
|
CVE-2014-2580
|
2014-04-16 22:57 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|