2 matches found
Auth bypass in user_webdavauth and user_ldap - ownCloud
ownCloud 4.5.4, ownCloud 4.0.9 and all versions previous to this doesn't sufficiently verify whether a request to settings.php was sent by an admin, which allows unauthenticated users to edit app configurations of userwebdavauth and userldap. An unauthenticated attacker may use this to gain acces...
Code execution in /lib/migrate.php - ownCloud
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows authenticated remote attackers to execute arbitrary code by uploading a crafted mount.php file in an imported ZIP file. Affected Software ownCloud Server 4.0.10 CVE-2013-5665 ownCloud Server 4.5.5 CVE-2013-5665...