Vulnerabilities > Paperthin > Commonspot Content Server > High

DATE CVE VULNERABILITY TITLE RISK
2014-04-15 CVE-2014-2868 Unspecified vulnerability in Paperthin Commonspot Content Server
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable.
network
low complexity
paperthin
7.5
2014-04-15 CVE-2014-2865 Permissions, Privileges, and Access Controls vulnerability in Paperthin Commonspot Content Server
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname on the drive containing the web root directory of a ColdFusion installation.
network
low complexity
paperthin CWE-264
7.5
2014-04-15 CVE-2014-2859 Permissions, Privileges, and Access Controls vulnerability in Paperthin Commonspot Content Server
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request.
network
low complexity
paperthin CWE-264
7.5