6 matches found
[SECURITY] [DSA 3373-1] owncloud security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3373-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 18, 2015 https://www.debian.org/security/faq...
CVE-2015-5954
The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a fil...
CVE-2015-5954
The CVE-2015-5954 issue affects ownCloud Server: vulnerable versions include 6.0.x before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5. The root cause is that the virtual filesystem does not treat NULL as a valid getPath return value in a sharing context, allowing remote authenticated users ...
[SECURITY] [DSA 3373-1] owncloud security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3373-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 18, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3373-1] owncloud security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3373-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 18, 2015 https://www.debian.org/security/faq -...
Disclosure of users files when deleting parent folders of shared files - ownCloud
Due to a common incorrect usage of the getPath function of the ownCloud virtual filesystem multiple security issues occurred. Especially the function may return null in case the specified file does not exist anymore. When passing the result of getPath in combination with null to functions that...