SUSE-SU-2018:0407-1 Security update for ghostscript

This update for ghostscript fixes several issues. These security issues were fixed: - CVE-2017-9835: The gsallocrefarray function allowed remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted PostScri...

Mandriva Linux Security Advisory : owncloud (MDVSA-2015:191)

Multiple vulnerabilities has been discovered and corrected in owncloud : - Multiple stored XSS in contacts application oC-SA-2015-001 - Multiple stored XSS in documents application oC-SA-2015-002 - Bypass of file blacklist oC-SA-2015-004 The updated packages have been upgraded to the 7.0.5 versio...

Server: Multiple stored XSS in "documents" application

Due to not sanitising all user provided input, the "documents" application shipped with the mentioned ownCloud versions is vulnerable to multiple stored cross-site scripting attacks. The "documents" application is enabled by default in the ownCloud Community Edition but not shipped with the...

Bypass of shared files password protection in "documents" application - ownCloud

The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. Due to missing access control within the API of this application, the password-protection of shared files can be bypassed. Affecte...

Server: Bypass of shared files password protection in "documents" application

The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. Due to missing access control within the API of this application, the password-protection of shared files can be bypassed. For mor...

Server: ACLs not properly enforced in "documents" application

The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. This application uses strong and very long random "Session IDs" to limit access to specific resources. Knowledge of this ID allows...

CSRF in documents - ownCloud

Due to not verifying whether a request was intentionally provided by the user who submitted an request the documents application is vulnerable against several CSRF attacks. An attacker could have used this to arbitrary modify existing files or rename it. Affected Software ownCloud Server 6.0.3...