Vulnerabilities > Paperthin > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-15 | CVE-2014-2868 | Unspecified vulnerability in Paperthin Commonspot Content Server PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable. | 7.5 |
| 2014-04-15 | CVE-2014-2865 | Permissions, Privileges, and Access Controls vulnerability in Paperthin Commonspot Content Server PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname on the drive containing the web root directory of a ColdFusion installation. | 7.5 |
| 2014-04-15 | CVE-2014-2859 | Permissions, Privileges, and Access Controls vulnerability in Paperthin Commonspot Content Server PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request. | 7.5 |