2 matches found
CVE-2013-0304
CVE-2013-0304 affects ownCloud Server prior to 4.5.7. The calendar export path (/apps/calendar/export.php) is vulnerable because ownership of calendars is not properly checked, allowing remote authenticated users to read arbitrary calendars via the calid parameter. This is described as a calendar...
Privilege escalation in the calendar application - ownCloud
Due to not properly checking the ownership of an calendar, an authenticated attacker is able to download calendars of other users via the "calid" GET parameter to export.php in /apps/calendar/ Affected Software ownCloud Server 4.5.7 CVE-2013-0304 Action Taken It is recommended that all instances...