Hackers Flood NPM with Bogus Packages Causing a DoS Attack

Threat actors flooded the npm open source package repository for Node.js with bogus packages that briefly even resulted in a denial-of-service DoS attack. "The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-sourc...

CVE-2015-6500

Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service CPU consumption via a .. dot dot in the dir parameter to index.php/apps/files/ajax/scan.php...

CVE-2014-3836

Multiple cross-site request forgery CSRF vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that 1 conduct cross-site scripting XSS attacks, 2 modify files, or 3 rename files via unspecified vectors...

CVE-2014-2057

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2013-2150

Multiple cross-site scripting XSS vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files...