XSS in search dialogue - ownCloud
Inadequate escaping led to an XSS vulnerability in the search module. To be exploitable, a user has to write or paste malicious content into the search dialogue. Affected Software ownCloud Server 10.0.2 CVE-2017-9338 ownCloud Server 9.1.6 CVE-2017-9338 ownCloud Server 9.0.10 CVE-2017-9338 ownCloud...
Content-Spoofing in "dav" app - ownCloud
The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. Affected Software ownCloud Server 9.1.2 CVE-2016-???? core/96b8afe48570bc70088ccd8f897e9d71997d336e ownCloud Server 9.0.6 CVE-2016-????...
Edit permission check not enforced on WebDAV COPY action - ownCloud
The WebDAV endpoint was not properly checking the permission on a WebDAV "COPY" action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files. Affected Software ownCloud Server 9.0.4 CVE-2016-????...
Server: Calendar export: Authorization Bypass Through User-Controlled Key
Due to not properly checking the ownership of a calendar, an authenticated attacker is able to download calendars of other users via the "calid" GET parameter to export.php in /apps/calendar/ For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: Multiple XSS
Multiple stored and reflected XSS have been addressed. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
TLS Renegotiation Vulnerability PoC
No description provided by source. #!/usr/bin/env python RedTeam Pentesting GmbH [email protected] http://www.redteam-pentesting.de PoC exploit for the TLS renegotiation vulnerability CVE-2009-3555 License ------- CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/ Timeline -------...
Server: Multiple XSS
Due to not sanitising all user-provided input, the below mentioned ownCloud versions are vulnerable to several XSS attack vectors. ownCloud advises browsers to disable inline JavaScript execution through the Content-Security-Policy it uses, so this vulnerability is likely not exploitable i...
Server: XSS in "Share Interface"
Multiple stored and reflected XSS have been addressed. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: Multiple XSS vulnerabilities
Cross-site scripting (XSS) vulnerabilities in js/viewer.js inside the filesvideoviewer application via multiple unspecified vectors in all ownCloud versions prior to 5.0.7 and 4.5.12 allow authenticated remote attackers to inject arbitrary web script or HTML via shared files. CVE-2013-2150...
Server: Privilege escalation in the contacts application
Due to not properly checking the ownership of a single contact, an authenticated attacker is able to download contacts of other users in all ownCloud versions prior to 5.0.5 including the 4.5.x branch. Note: Successful exploitation of this privilege escalation requires the "contacts" app to be...
Server: Code execution in /lib/filesystem.php
Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.2 allows authenticated remote attackers to execute arbitrary code by uploading a file with a specially crafted filename. For more information please consult the official advisory. This advisory is licensed CC...
Server: Insufficiently random values
The rand and mt_rand functions in PHP 5.4.x do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in ownCloud 4.0.x. For...
TLS Renegotiation Vulnerability PoC Exploit
No description provided by source. #!/usr/bin/env python RedTeam Pentesting GmbH [email protected] http://www.redteam-pentesting.de PoC exploit for the TLS renegotiation vulnerability CVE-2009-3555 License ------- CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/ Timeline -------...