12 matches found
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Owncloud Graph_Api
🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...
ownCloud Phpinfo Reader Exploit
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker m...
GHSA-MHHP-C3CM-2R86 Test code in published microsoft-graph-core package exposes phpinfo()
Impact The Microsoft Graph Core PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php. The phpInfo function exposes system...
GHSA-CGWQ-6PRQ-8H9Q Test code in published microsoft-graph package exposes phpinfo()
Impact The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information. The...
ownCloud Phpinfo Reader
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker m...
CVE-2023-49103 - Critical Information Disclosure in ownCloud Graph API
Rapid7 is responding to CVE-2023-49103, an unauthenticated information disclosure vulnerability impacting ownCloud. Background ownCloud is a file sharing platform designed for enterprise environments. On November 21, 2023, ownCloud disclosed CVE-2023-49103, an unauthenticated information disclosu...
ownCloud Critical Vulnerability is under active exploitation
Summary: Hackers are actively exploiting a critical vulnerability CVE-2023-49103 in ownCloud, a popular open-source file-sharing solution, exposing sensitive data in containerized deployments. Administrators are urged to promptly apply recommended fixes, including disabling the phpinfo function a...
OwnCloud “graphapi” App Vulnerability Exposes Sensitive Data
By Deeba Ahmed The vulnerability is tracked as CVE-2023-49103 and declared critical with a CVSS v3 Base Score 10. This is a post from HackRead.com Read the original post: OwnCloud "graphapi" App Vulnerability Exposes Sensitive Data...
ownCloud vulnerability can be used to extract admin passwords
ownCloud has warned users about three critical security flaws in its file-sharing software which, if exploited, could reveal sensitive information and modify files. An especially and potentially impactful one is a vulnerability that could lead to disclosure of sensitive credentials and...
ownCloud Information Disclosure Vulnerability (Nov 2023) - Active Check
ownCloud is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud";...
CVE-2023-49103
creationtimestamp| type| source ---|---|--- 2023-11-22 17:10:53+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5912 2023-11-23 07:46:50+00:00| published-proof-of-concept| https://t.me/proxybar/1841 2023-11-23 09:27:42+00:00| seen|...
CVE-2023-49103
The CVE-2023-49103 vulnerability affects ownCloud graphapi in versions 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The issue stems from a third‑party GetPhpInfo.php that returns a phpinfo() output, exposing the PHP environment and webserver variables (potentially including admin passwords, mail cr...