13 matches found
EUVD-2012-4331
Malware in sbrugna...
CVE-2012-4752
appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393...
CVE-2012-4391
Cross-site request forgery CSRF vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations...
CVE-2012-5665
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of userwebdavauth and userldap by editing this file...
CVE-2012-5665
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of userwebdavauth and userldap by editing this file...
Arbitrary file deletion
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of userwebdavauth and userldap by editing this file...
CVE-2012-5665
Affected software: ownCloud 4.0.x (before 4.0.10) and 4.5.x (before 4.5.5). Vulnerability: improper restriction of access to settings.php, enabling remote attackers to edit app configurations for user_webdavauth and user_ldap by editing this file. Root cause: settings.php access is not properly g...
Server: Auth bypass in user_webdavauth and user_ldap
ownCloud 4.5.4, ownCloud 4.0.9 and all versions previous to this doesn't sufficiently verify whether a request to settings.php was sent by an admin, which allows unauthenticated users to edit app configurations of userwebdavauth and userldap. An unauthenticated attacker may use this to gain acces...
CVE-2012-4391
Cross-site request forgery CSRF vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations...
CVE-2012-4391
Cross-site request forgery CSRF vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations...
Code injection
appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393...
Server: CSRF in appconfig.php
Cross-site request forgery CSRF vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. For more information please consult the official advisory. This advisory is...