28 matches found
Nextcloud: Stored XSS in Gallery application (NC-SA-2017-010)
Stored XSS in Gallery application NC-SA-2017-010 Risk level: Low CVSS v3 Base Score: 3 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N CWE: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CWE-79 Description A JavaScript library used by Nextcloud for sanitizing untrusted...
DSA-3679-1 jackrabbit - security update
Bulletin has no description...
Disclosure of files that begin with ".v" due to unchecked return value - ownCloud
Due to a incorrect usage of the getOwner function of the ownCloud virtual filesystem,done authenticated users with incoming shares of other users are able to access files beginning with ".v" of the sharing user. This can only be exploited if the "filesversions" application is enabled on the serve...
Command injection when using external SMB storage - ownCloud
The external legacy SMB storage not using php-libsmbclient of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands. Effectively this allows an attacker to gain access to any file on the system or overwrite it, potentially leading ...
Bypass of file blacklist - ownCloud
A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud versions, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could leverage this bypass by uploading a .htaccess and execute...
Stored XSS in "bookmarks" application - ownCloud
Due to not sanitising all user provided input, the "bookmarks" application shipped with the below mentioned ownCloud versions is vulnerable to a stored Cross-site scripting attack. The "bookmarks" application is disabled by default. Abusing this vulnerability requires the user to import a malicio...
Bypass of shared files password protection in "documents" application - ownCloud
The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. Due to missing access control within the API of this application, the password-protection of shared files can be bypassed. Affecte...
Local Path Disclosure when using Asset Pipeline - ownCloud
ownCloud 7 introduced the so-called "Asset Pipeline". It is disabled by default, but can be enabled by setting asset-pipeline.enabled to true in config.php When the setting is enabled ownCloud concatenates all CSS and JS files into a single large blob file. Thus the amount of initial required...
XXE in multiple third party components - ownCloud
Multiple third party components of ownCloud are vulnerable to XXE attacks, which may lead to: Local File Disclosure Server Side Request Forgery DoS Code Execution depending on the PHP wrappers … The following libraries are affected: ZendFramework: CVE-2014-2052 GetID3: CVE-2014-2053 PHPExcel:...
Host Header Poisoning - ownCloud
Due to trusting user supplied input and interpret it as Host header an attacker is able to craft a password reset mail with a link pointing to his own site. If a user clicks on the link or a software e.g. antivirus is accessing the link the attacker is able to reset the user password. Affected...
Insecure OpenID implementation - ownCloud
Due to an insecure OpenID implementation used by useropenid in ownCloud 5 it is possible to log-into a system using an arbitrary OpenID Account without knowing any secret information, i.e. the password, about it by using a malicious OpenID provider. Affected Software ownCloud Server 5.0.15...
Deserialization of Untrusted Data in core - ownCloud
Due to the deserialization of unstrusted data in core an attacker might be able to delete arbitrary files from the filesystem or executing arbitrary SQL queries. This issue has been found in a widely used third-party library, we have removed the component due to general quality concerns from the...
CSRF in documents - ownCloud
Due to not verifying whether a request was intentionally provided by the user who submitted an request the documents application is vulnerable against several CSRF attacks. An attacker could have used this to arbitrary modify existing files or rename it. Affected Software ownCloud Server 6.0.3...
Improper authorization checks in documents - ownCloud
Due to not verifying whether an user has permission to rename files of other users an authenticated user could rename files of other users without permission. Affected Software ownCloud Server 6.0.3 CVE-2014-3834 Action Taken We reviewed the access-control of the documents application and ensured...
Incomplete blacklist vulnerability - ownCloud
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows authenticated remote attackers to execute arbitrary PHP code by uploading a crafted file and accessing an uploaded PHP file. Note: Successful exploitation requires that the /data/ directory is stored inside the webroot and a...
Privilege escalation and CSRF in the API - ownCloud
Due to an insufficient permission check, an authenticated attacker is able to execute API commands as administrator. Additionally, an unauthenticated attacker could abuse this flaw as a cross-site request forgery vulnerability. Affected Software ownCloud Server 5.0.6 CVE-2013-2048 Action Taken It...
Insecure database password generator - ownCloud
Due to using "time" as random source in the ownCloud installation routine, the entropy of the generated PostgreSQL database user password is very low and can be easily guessed. This issue is inside the ownCloud setup routine and is not related to any PostgreSQL vulnerability. Affected Software...
user_migrate: Local file disclosure - ownCloud
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to import arbitrary files on the server inside his user account. Affected Software ownCloud Server 4.5.8 CVE-2013-1851 ownCloud Server 4.0.13 CVE-2013-1851 Action Take...
Incomplete blacklist vulnerability - ownCloud
Incomplete blacklist vulnerability in apps/contacts/import.php and apps/contacts/ajax/uploadimport.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to upload a .htaccess file and therefore the execution of arbitrary PHP code in a standard Apache installation. Affect...
Multiple XSS vulnerabilities - ownCloud
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.8 and all prior versions except 4.0.x allow remote attackers to inject arbitrary web script or HTML via the "quota" POST parameter to setquota.php in /core/settings/ajax/ Commits: 2364c79 stable45 Risk: Low Note: Successful...