owncloud -- Multiple security vulnerabilities

2013-05-14T00:00:00
ID D7A43EE6-D2D5-11E2-9894-002590082AC6
Type freebsd
Reporter FreeBSD
Modified 2013-05-14T00:00:00

Description

The ownCloud development team reports:

oC-SA-2013-019 / CVE-2013-2045: Multiple SQL Injections. Credit to Mateusz Goik (aliantsoft.pl). oC-SA-2013-020 / CVE-2013-[2039,2085]: Multiple directory traversals. Credit to Mateusz Goik (aliantsoft.pl). oC-SQ-2013-021 / CVE-2013-[2040-2042]: Multiple XSS vulnerabilities. Credit to Mateusz Goik (aliantsoft.pl) and Kacper R. (http://devilteam.pl). oC-SA-2013-022 / CVE-2013-2044: Open redirector. Credit to Mateusz Goik (aliantsoft.pl). oC-SA-2013-023 / CVE-2013-2047: Password autocompletion. oC-SA-2013-024 / CVE-2013-2043: Privilege escalation in the calendar application. Credit to Mateusz Goik (aliantsoft.pl). oC-SA-2013-025 / CVE-2013-2048: Privilege escalation and CSRF in the API. oC-SA-2013-026 / CVE-2013-2089: Incomplete blacklist vulnerability. oC-SA-2013-027 / CVE-2013-2086: CSRF token leakage. oC-SA-2013-028 / CVE-2013-[2149-2150]: Multiple XSS vulnerabilities.