10 matches found
CVE-2026-36176
GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...
CVE-2026-36176
GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...
CVE-2023-49105
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no...
ownCloud 10.6.x < 10.13.1 Authentication Bypass Vulnerability
ownCloud is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud";...
CVE-2023-49105
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no...
CVE-2023-49105
CVE-2023-49105 — ownCloud core vulnerability (pre-signed URLs) highly critical . In ownCloud core prior to 10.13.1, an attacker who knows a victim’s username and if the victim has no signing-key configured can access, modify, or delete any file without authentication because pre-signed URLs are a...
PT-2023-7303 · Owncloud · Owncloud
Name of the Vulnerable Software and Affected Versions: ownCloud versions 10.6.0 through 10.13.0 Description: An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the...
CVE-2023-49105
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no...
CVE-2023-49105
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no...
WebDAV Api Authentication Bypass using Pre-Signed URLs - ownCloud
It is possible to access, modify or delete any file without authentication if the username of the victim is known and the victim has no signing-key configured which is the default...