Vulnerabilities > Paperthin > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-15 | CVE-2014-2874 | OS Command Injection vulnerability in Paperthin Commonspot Content Server PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context. | 10.0 |
| 2014-04-15 | CVE-2014-2867 | Unspecified vulnerability in Paperthin Commonspot Content Server Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors. | 10.0 |
| 2014-04-15 | CVE-2014-2866 | Code Injection vulnerability in Paperthin Commonspot Content Server PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code. | 10.0 |
| 2014-04-15 | CVE-2014-2864 | Path Traversal vulnerability in Paperthin Commonspot Content Server Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences. | 10.0 |
| 2014-04-15 | CVE-2014-2863 | Path Traversal vulnerability in Paperthin Commonspot Content Server Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter. | 10.0 |