8 matches found
CVE-2021-33828
The filesantivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files that have been uploaded to a public share are supposed to be deleted upon detection...
CVE-2021-33827
The filesantivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings...
EUVD-2021-20503
Malware in sbrugna...
Design/Logic Flaw
The filesantivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files that have been uploaded to a public share are supposed to be deleted upon detection...
Arbitrary code execution through admin settings - ownCloud
In the administration settings of the filesantivirus app it was possible to execute arbitrary code...
CVE-2020-16144
When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the...
Files_antivirus doesn't delete virus if uploaded through public link
Risk: low CVSS v3 Base Score: 1.2 CVSS v3 Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N CWE ID: CWE-280 CWE Name: Improper Handling of Insufficient Permissions or Privileges...
ownCloud: Remote Code Execution through "Files_antivirus" plugin
Hi, I would like to report a Remote Code Execution in OwnCloud. The flaw is exploitable as an authenticated user and level of privileges required is "Administrator". Vulnerable component is the plugin "filesantivirus", freely downloadable via the market and available in owncloud github repository...