Shodan
Vulnerabilities
Vulnerable Software
Paperthin:  >> Commonspot Content Server  Security Vulnerabilities
CVE-2014-2869
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-04-15
CVE-2014-2870
The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 uses cleartext for storage of credentials in a database, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-04-15
CVE-2014-2871
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-04-15
CVE-2014-2872
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-04-15
CVE-2014-2873
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-04-15
CVE-2014-2874
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context.
CVSS Score
10.0
EPSS Score
0.044
Published
2014-04-15
CVE-2010-0468
Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVSS Score
4.3
EPSS Score
0.002
Published
2010-02-02
CVE-2005-4574
Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the bNewWindow parameter.
CVSS Score
4.3
EPSS Score
0.038
Published
2005-12-29
CVE-2005-4575
PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg parameter to loader.cfm with a url parameter set to email-login-info.cfm, which leaks the full pathname in the resulting error message.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-12-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved