Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2014-04-15 | CVE-2014-2864 | Path Traversal vulnerability in Paperthin Commonspot Content Server
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences.
network | low complexity | paperthin | CWE-22 | critical | 10.0

2014-04-15 | CVE-2014-2863 | Path Traversal vulnerability in Paperthin Commonspot Content Server
Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter.
network | low complexity | paperthin | CWE-22 | critical | 10.0

2014-04-15 | CVE-2014-2862 | Permissions, Privileges, and Access Controls vulnerability in Paperthin Commonspot Content Server
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors.
network | low complexity | paperthin | CWE-264 | 6.5

2014-04-15 | CVE-2014-2861 | Unspecified vulnerability in Paperthin Commonspot Content Server
Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrated by bypassing a protection mechanism that removes only the "alert" string.
network | paperthin | 4.3

2014-04-15 | CVE-2014-2860 | Cross-Site Scripting vulnerability in Paperthin Commonspot Content Server
Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request to a (1) ColdFusion or (2) JavaScript component.
network | paperthin | CWE-79 | 4.3

2014-04-15 | CVE-2014-2859 | Permissions, Privileges, and Access Controls vulnerability in Paperthin Commonspot Content Server
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request.
network | low complexity | paperthin | CWE-264 | 7.5

2014-04-15 | CVE-2014-2580 | Resource Management Errors vulnerability in XEN
The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" error and host crash) via a malformed packet, which causes a mutex to be taken when trying to disable the interface.
local | xen | CWE-399 | 4.4

2014-04-15 | CVE-2014-2384 | Resource Management Errors vulnerability in VMWare Player and Workstation
vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call.
local | low complexity | vmware | CWE-399 | 4.9

2014-04-15 | CVE-2014-1986 | Permissions, Privileges, and Access Controls vulnerability in Kokuyo Camiapp 1.21.1
The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application.
network | kokuyo | CWE-264 | 5.8

2014-04-15 | CVE-2014-0924 | Improper Input Validation vulnerability in IBM Messagesight and Messagesight JMS Client
IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify that all of the characters of a password are correct, which makes it easier for remote authenticated users to bypass intended access restrictions by leveraging knowledge of a password substring.
network | high complexity | ibm | CWE-20 | 4.6