|
258981
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable.
|
NVD-CWE-Other
|
CVE-2014-2868
|
2014-04-16 23:35 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258982
|
- |
|
paperthin
|
commonspot_content_server
|
Per http://cwe.mitre.org/data/definitions/472.html "CWE-472: External Control of Assumed-Immutable Web Parameter"
|
NVD-CWE-Other
|
CVE-2014-2868
|
2014-04-16 23:35 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258983
|
- |
|
paperthin
|
commonspot_content_server
|
Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing i…
|
NVD-CWE-Other
|
CVE-2014-2867
|
2014-04-16 23:26 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258984
|
- |
|
paperthin
|
commonspot_content_server
|
Per: http://cwe.mitre.org/data/definitions/434.html "CWE-434: Unrestricted Upload of File with Dangerous Type"
|
NVD-CWE-Other
|
CVE-2014-2867
|
2014-04-16 23:26 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258985
|
- |
|
vmware
|
player
workstation
|
vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via…
|
CWE-399
Resource Management Errors
|
CVE-2014-2384
|
2014-04-16 23:23 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258986
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code.
|
CWE-94
Code Injection
|
CVE-2014-2866
|
2014-04-16 23:22 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258987
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2865
|
2014-04-16 23:20 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258988
|
- |
|
paperthin
|
commonspot_content_server
|
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directo…
|
CWE-22
Path Traversal
|
CVE-2014-2864
|
2014-04-16 23:18 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258989
|
- |
|
paperthin
|
commonspot_content_server
|
Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter.
|
CWE-22
Path Traversal
|
CVE-2014-2863
|
2014-04-16 23:16 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258990
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2862
|
2014-04-16 23:14 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
