CyberSec.Space Logo
CVEブラウザに戻る

CVE-2005-4575

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.0990%
EPSS Percentile24.16th
Published2005年12月29日
Last Modified2026年4月16日

Vulnerability Description

PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg parameter to loader.cfm with a url parameter set to email-login-info.cfm, which leaks the full pathname in the resulting error message.

Affected Platforms (CPE)

📦
Paperthin

Commonspot Content Server

<= 4.5
📦
Paperthin

Commonspot Content Server

= 2.5
📦
Paperthin

Commonspot Content Server

= 3.0
📦
Paperthin

Commonspot Content Server

= 3.2
📦
Paperthin

Commonspot Content Server

= 4.0

References & Advisories

🔗 http://pridels0.blogspot.com/2005/12/commonspot-content-server-vuln.html
🔗 http://secunia.com/advisories/18257
🔗 http://www.osvdb.org/21932
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/23865
🔗 http://pridels0.blogspot.com/2005/12/commonspot-content-server-vuln.html
🔗 http://secunia.com/advisories/18257
🔗 http://www.osvdb.org/21932
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/23865

関連する脆弱性情報

CVE-2005-45744.3

Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attack...

CVE-2010-04684.3

Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote attackers ...

CVE-2005-266810.0

Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before...

CVE-2005-266910.0

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote at...