Vulnerabilities > Paperthin > Commonspot Content Server > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-15 | CVE-2014-2863 | Path Traversal vulnerability in Paperthin Commonspot Content Server Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter. | 10.0 |
| 2014-04-15 | CVE-2014-2864 | Path Traversal vulnerability in Paperthin Commonspot Content Server Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences. | 10.0 |
| 2014-04-15 | CVE-2014-2866 | Code Injection vulnerability in Paperthin Commonspot Content Server PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code. | 10.0 |
| 2014-04-15 | CVE-2014-2867 | Unspecified vulnerability in Paperthin Commonspot Content Server Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors. | 10.0 |
| 2014-04-15 | CVE-2014-2874 | OS Command Injection vulnerability in Paperthin Commonspot Content Server PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context. | 10.0 |