14 matches found
EUVD-2015-7600
Malware in sbrugna...
SUSE CVE-2023-39962
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external...
CVE-2023-35928 Nextcloud user scoped external storage can be used to gather credentials of other users
Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity platform. In Nextcloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until...
CVE-2015-7699
The CVE-2015-7699 issue affects the ownCloud Server files_external app and allows remote authenticated users to instantiate arbitrary classes and potentially execute code via a crafted mount point option related to objectstore. Affected versions are: files_external in ownCloud Server pre-7.0.9, 8...
PHP arbitrary class instantiation in "files_external" - ownCloud
A user may instantiate arbitrary ownCloud classes due to a lack of a proper check of the mount point options provided by a user via the web front end. These may include constructor arguments and could potentially lead to a remote code execution. Affected Software ownCloud Server 8.1.2 CVE-2015-76...
Server: PHP arbitrary class instantiation in "files_external"
A user may instantiate arbitrary ownCloud classes due to a lack of a proper check of the mount point options provided by a user via the web front end. These may include constructor arguments and could potentially lead to a remote code execution. For more information please consult the official...
Insufficient RSA Host Key validation in files_external (SFTP driver) - ownCloud
The SFTP external storage driver was verifying the RSA Host Key after logging in. This allows for a man-in-the-middle (MITM) attack even if the host key is already known and can be validated. Basically, at the point where the host key was validated, the secret has already been given away. It should...
CVE-2014-3835
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors...
CVE-2014-3835
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors...
Code injection
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors...
CVE-2014-3835
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors...
Server: Improper authorization checks in files_external
Due to not verifying whether a user has been granted access to add external storages, an authenticated user could even mount external storage (e.g. SMB/FTP/etc.) without permission. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Multiple CSRF vulnerabilities - ownCloud
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions allow remote attackers to hijack the authentication for users via the “lat” and “lng” POST parameters to guesstimezone.php in /apps/calendar/ajax/settings/ CVE-2013-0299 Commits:...
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions allow remote attackers to inject arbitrary web script or HTML via the "sitename" and "siteurl" POST parameters to setsites.php in /apps/external/ajax/ CVE-2013-0297 Commits: e0140a stable45,...