Lucene search
K

9 matches found

Malwarebytes
Malwarebytes
added 2023/09/27 8:0 a.m.13 views

Malwarebytes Admin update: New Detection screens to manage threats!

We released version 1.2 of the Malwarebytes Admin app for iOS and Android last week, adding new Detection features make it easier to see and manage threats. Designed as a companion to the Nebula console, Malwarebytes Admin allows administrators to quickly review, investigate, and resolve security...

7AI score
Exploits0
OwnCloud
OwnCloud
added 2017/05/31 11:37 a.m.495 views

XSS in search dialogue - ownCloud

Inadequate escaping lead to XSS vulnerability in the search module. To be exploitable an user has to write or paste malicious content into the search dialogue. Affected Software ownCloud Server 10.0.2 CVE-2017-9338 ownCloud Server 9.1.6 CVE-2017-9338 ownCloud Server 9.0.10 CVE-2017-9338 ownCloud...

3.5CVSS5.3AI score0.00603EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2015/09/21 11:42 a.m.42 views

Improper validation of certificates when using self-signed certificates - ownCloud

The ownCloud Desktop Client was vulnerable against MITM attacks until version 2.0.0 in combination with self-signed certificates. To be exploitable the following conditions have to be met: The connection to the remote ownCloud server must be secured using a self-signed certificate which the user...

5.1CVSS5.9AI score0.00825EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2015/08/03 6:51 p.m.35 views

Disclosure of users files when deleting parent folders of shared files - ownCloud

Due to a common incorrect usage of the getPath function of the ownCloud virtual filesystem multiple security issues occurred. Especially the function may return null in case the specified file does not exist anymore. When passing the result of getPath in combination with null to functions that...

4CVSS6.5AI score0.01201EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/11/25 6:40 p.m.36 views

CSRF in "bookmarks" application - ownCloud

Due to not verifying the CSRF token on the import functionality of the "bookmarks" application, it was vulnerable against CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...

6.8CVSS5.9AI score0.00828EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/08/18 6:31 p.m.51 views

Insufficient RSA Host Key validation in files_external (SFTP driver) - ownCloud

The SFTP external storage driver was verifying the RSA Host Key after logging in. This allows for a man-in-the-middle MITM attack even if the host key is already known and can be validated. Basically, at the point where the host key was validated, the secret has already been given away. It should...

4.3CVSS6AI score0.01078EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/07/03 6:22 p.m.44 views

LDAP injection - ownCloud

Due to not properly sanitizing the LDAP queries an attacker is able to: Gain information about existing LDAP users Modify the login query, e.g. with a wildcard Affected Software ownCloud Server 6.0.2 CVE-2014-2047 ownCloud Server 5.0.15 CVE-2014-2049 Action Taken All LDAP queries have been review...

6.8CVSS6AI score0.0129EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2013/05/14 6:11 p.m.37 views

Privilege escalation in the calendar application - ownCloud

Due to not properly checking the ownership of an calendar, an authenticated attacker is able to download calendars of other users via the "calendarid" GET parameter to /apps/calendar/ajax/events.php Note: Successful exploitation of this privilege escalation requires the "calendar" app to be enabl...

4CVSS6.3AI score0.01422EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2013/04/02 5:46 p.m.44 views

Multiple XSS vulnerabilities - ownCloud

Multiple cross-site scripting XSS vulnerabilities in ownCloud 5.0.0 allow remote attackers to inject arbitrary web script or HTML via the "newname" POST parameter to renameTag.php in /apps/bookmarks/ajax/ Commits: 1c63eb1 stable5 Risk: Medium Note: Successful exploitation of this stored XSS...

4.3CVSS5.3AI score0.01197EPSS
Exploits0Affected Software1
Rows per page
Query Builder