1916 matches found
HTTP header injection - ownCloud
A Header injection vulnerability in ownCloud before 4.0.8 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the HTTP url path parameter to index.php. Affected Software ownCloud Server 4.0.8 CVE-2012-5057 Action Taken It is...
Multiple XSS vulnerabilities - ownCloud
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the readyCallback parameter to PUT.swf in apps/filesodfviewer/src/webodf/webodf/flashput/ the root parameter to index.php in apps/gallery/templates/ a...
Insufficiently random values - ownCloud
The rand and mtrand functions in PHP 5.4.x do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in ownCloud 4.0.x...
Server: Insufficiently random values
The rand and mtrand functions in PHP 5.4.x do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in ownCloud 4.0.x. For...
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the readyCallback parameter to PUT.swf in apps/filesodfviewer/src/webodf/webodf/flashput/ the root parameter to index.php in apps/gallery/templates/ a...
Server: HTTP header injection
A Header injection vulnerability in ownCloud before 4.0.8 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the HTTP url path parameter to index.php. For more information please consult the official advisory. This advisory is...
Server: Auth bypass in /lib/base.php
/lib/base.php before ownCloud 4.0.8 does not properly validate the userid session variable via WebDAV, which allows authenticated attackers to gain access to other users files. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Reflected XSS in the file list - ownCloud
Cross-site scripting XSS vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. Affected Software ownCloud Server 4.0.5 CVE-2012-4394 Action Taken It is recommended that all instances are upgraded ...
Server: Reflected XSS in the file list
Cross-site scripting XSS vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Multiple reflected XSS - ownCloud
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via file names to apps/userldap/settings.php url or title parameter to apps/bookmarks/ajax/editBookmark.php tag or page parameter to...
Server: Multiple reflected XSS
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via file names to apps/userldap/settings.php url or title parameter to apps/bookmarks/ajax/editBookmark.php tag or page parameter to...
Auth bypass in index.php - ownCloud
index.php before ownCloud 4.0.7 does not properly validate the octoken cookie, which allows remote attackers to bypass authentication via a crafted octoken cookie value. Affected Software ownCloud Server 4.0.7 CVE-2012-4392 Action Taken It is recommended that all instances are upgraded to ownClou...
CSRF in appconfig.php - ownCloud
Cross-site request forgery CSRF vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. Affected Software ownCloud Server 4.0.7 CVE-2012-4391 Action Taken It is...
User enumeration - ownCloud
apps/calendar/appinfo/remote.php and apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. Affected Software ownCloud Server 4.0.7 CVE-2012-4390 Action Taken It is recommended that all instances are...
Code execution in /lib/migrate.php - ownCloud
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. Affected Software ownCloud Server 4.0.7 CVE-2012-4389 Action Taken It is...
Server: CSRF in appconfig.php
Cross-site request forgery CSRF vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. For more information please consult the official advisory. This advisory is...
Server: User enumeration
apps/calendar/appinfo/remote.php and apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: Code execution in /lib/migrate.php
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. For more information please consult the official advisory. This advisory...
Server: Auth bypass in index.php
index.php before ownCloud 4.0.7 does not properly validate the octoken cookie, which allows remote attackers to bypass authentication via a crafted octoken cookie value. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: Multiple stored XSS
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the calendar displayname to part.choosecalendar.rowfields.php part.choosecalendar.rowfields.shared.php in apps/calendar/templates/ unspecified vectors to...