Skip to main content
CVE-2014-0514 CRITICAL POC PATCH THREAT Act Now

The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 90.3%.

Adobe Privilege Escalation RCE Google Adobe Reader
NVD Exploit-DB VulDB
CVSS 2.0
9.3
EPSS
90.3%
Threat
6.1
CVE-2014-2874 CRITICAL Act Now

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Commonspot Content Server
NVD VulDB
CVSS 2.0
10.0
EPSS
4.4%
CVE-2014-2867 CRITICAL Act Now

Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Commonspot Content Server
NVD VulDB
CVSS 2.0
10.0
EPSS
4.1%
CVE-2014-2866 CRITICAL Act Now

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Commonspot Content Server
NVD VulDB
CVSS 2.0
10.0
EPSS
1.1%
CVE-2014-2863 CRITICAL Act Now

Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Commonspot Content Server
NVD VulDB
CVSS 2.0
10.0
EPSS
0.8%
CVE-2014-2864 CRITICAL Act Now

Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Commonspot Content Server
NVD VulDB
CVSS 2.0
10.0
EPSS
0.5%
CVE-2014-0359 CRITICAL Act Now

Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Xangati Software Release Xangati Xnr
NVD VulDB
CVSS 2.0
9.0
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy