The vulnerability in the web application for data synchronization with ownCloud allows a hacker to gain access to protected information related to user accounts and cookies.
The vulnerability of a web application for data synchronization with ownCloud is related to the lack of protection for service-related data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain access to protected information such as user accounts and cookies by readin...
ownCloud iOS app information disclosure vulnerability
ownCloud iOS app is a free and open source personal cloud storage solution for iOS-based platforms from OwnCloud Germany. An information disclosure vulnerability exists in versions of the ownCloud iOS app prior to 3.4.4. It allows remote instance administrators to obtain sensitive information about...
CVE-2015-5955
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers...
Seam: RCE via unsafe logging in AuthenticationFilter
It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running tha...
CVE-2013-2503
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code...
tomcat: information disclosure in authentication headers
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...
Fixed in Apache Tomcat 6.0.28
Important: Remote Denial Of Service and Information Disclosure Vulnerability (CVE-2010-2227). Several flaws in the handling of the 'Transfer-Encoding' header were found that prevented the recycling of a buffer. A remote attacker could trigger this flaw which would cause subsequent requests to fail...