1916 matches found
CVE-2012-4393
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirecturl parameter...
CVE-2012-4392
index.php in ownCloud 4.0.7 does not properly validate the octoken cookie, which allows remote attackers to bypass authentication via a crafted octoken cookie value...
CVE-2012-4390
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors...
CVE-2012-4753
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2012-4391
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations...
CVE-2012-4395
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirecturl parameter...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php...
Code injection
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors...
Code injection
appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393...
Cross site scripting
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter...
Design/Logic Flaw
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file...
Authentication flaw
index.php in ownCloud 4.0.7 does not properly validate the octoken cookie, which allows remote attackers to bypass authentication via a crafted octoken cookie value...
CVE-2012-4752
appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393...
CVE-2012-4394
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter...
CVE-2012-4396
CVE-2012-4396 involves multiple reflected XSS vulnerabilities in ownCloud prior to 4.0.2. The description lists the vulnerable vectors and parameters across various modules: file names in apps/user_ldap/settings.php; url and/or title in apps/bookmarks/ajax/editBookmark.php; tag/page in apps/bookm...
CVE-2012-4393
ownCloud before 4.0.6 has multiple CSRF vulnerabilities across 37+ endpoints (e.g., bookmarks, calendar, files, sharing, tasks) that allow remote attackers to hijack user sessions. Red Hat notes that appconfig.php access isn’t properly restricted, enabling edits by remote authenticated users and ...
CVE-2012-4391
CVE-2012-4391 affects ownCloud: CSRF in core/ajax/appconfig.php allows an attacker to hijack administrator authentication to edit app configurations. Affected: ownCloud Server prior to 4.0.7. Root cause: CSRF in appconfig workflow enables unauthorized configuration edits without authentication ch...
CVE-2012-4397
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified...