Lucene search
K

4 matches found

OSV
OSV
•added 2016/01/08 9:59 p.m.•6 views

CVE-2016-1500

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "fileversions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belongi...

3.1CVSS4.6AI score
Exploits0References1
NVD
NVD
•added 2016/01/08 9:59 p.m.•22 views

CVE-2016-1500

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "fileversions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belongi...

3.5CVSS3.4AI score0.0085EPSS
Exploits0References1
CVE
CVE
•added 2016/01/08 9:0 p.m.•57 views

CVE-2016-1500

CVE-2016-1500 affects ownCloud Server releases prior to certain patch levels (7.0.12; 8.0.x < 8.0.10; 8.1.x < 8.1.5; 8.2.x

3.5CVSS5.2AI score0.0085EPSS
Exploits0References1Affected Software2
OwnCloud
OwnCloud
•added 2016/01/06 6:57 p.m.•49 views

Disclosure of files that begin with ".v" due to unchecked return value - ownCloud

Due to a incorrect usage of the getOwner function of the ownCloud virtual filesystem,done authenticated users with incoming shares of other users are able to access files beginning with ".v" of the sharing user. This can only be exploited if the "filesversions" application is enabled on the serve...

3.5CVSS6.2AI score0.0085EPSS
Exploits0Affected Software1
Rows per page
Query Builder