1916 matches found
Several CSRF security fixes - ownCloud
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use addBookmark.php in bookmarks/ajax/, delBookmark.php in bookmarks/ajax/, editBookmark.php in bookmarks/ajax/...
Auth bypass in index.php - ownCloud
ownCloud 4.0.6 and all previous versions do not sufficiently verify whether a request to appconfig.php was sent by an admin, which allows remote authenticated users to edit app configurations. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393. Affected...
Server: Auth bypass in index.php
ownCloud 4.0.6 and all previous versions do not sufficiently verify whether a request to appconfig.php was sent by an admin, which allows remote authenticated users to edit app configurations. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393. For more...
Server: Several CSRF security fixes
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use addBookmark.php in bookmarks/ajax/, delBookmark.php in bookmarks/ajax/, editBookmark.php in bookmarks/ajax/...
ownCloud Web Interface Detection
ownCloud, a web-based PHP cloud storage software suite, is running on the remote host.
Reflected XSS - ownCloud
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter. Affected Software ownCloud Server 4.0.3 CVE-2012-4395 Action Taken It is recommended that all instances are upgraded to ownClo...
Server: Reflected XSS
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Owncloud 3.0.3 Clear Text Password Storage
Owncloud App "Ldap user backend" stored password in clear text Author: francesco.tornieri "At" verona-wireless.net Summary: store domain admin password in clear text Discovery date: 09/05/2012 Developer date contact : 09/05/2012 Where: From local Release Date: 11/05/2012 Criticality level: High...
TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0
TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0 Published: 2012/04/18 Version 1.0 Affected products: ownCloud version 3.0.0 others not tested http://owncloud.org References: TC-SA-2012-01 www.tele-consulting.com/advisories/TC-SA-2012-01.txt used for updates CVE-2012-2269 - XSS in...
Owncloud Account Overtake / File Upload Code Execution
Exploit for Windows platform in category remote exploits. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
CVE-2012-2397
Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts...
CVE-2012-2398
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4...
CVE-2012-2269
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to...
CVE-2012-2270
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter...
Open redirect
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts...