Auth bypass in "user_webdavauth" - ownCloud

A not further specified authentication bypass in the userwebdavauth application has been found. Using this vulnerability an attacker might login to the ownCloud instance without valid credentials. Affected Software ownCloud Server 5.0.8 ownCloud Server 4.5.13 Action Taken Acknowledgements The...

Server: Auth bypass in "user_webdavauth"

A not further specified authentication bypass in the userwebdavauth application has been found. Using this vulnerability an attacker might login to the ownCloud instance without valid credentials. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

Multiple CSRF vulnerabilities - ownCloud

Multiple cross-site request forgery CSRF vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions before allows remote attackers to hijack the authentication for users via the “lat” and “lng” POST parameters to guesstimezone.php in /apps/calendar/ajax/settings/ CVE-2013-0299 Commits:...

CVE-2012-5665

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of userwebdavauth and userldap by editing this file...

Arbitrary file deletion

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of userwebdavauth and userldap by editing this file...

CVE-2012-5665

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of userwebdavauth and userldap by editing this file...

Auth bypass in user_webdavauth and user_ldap - ownCloud

ownCloud 4.5.4, ownCloud 4.0.9 and all versions previous to this doesn't sufficiently verify whether a request to settings.php was sent by an admin, which allows unauthenticated users to edit app configurations of userwebdavauth and userldap. An unauthenticated attacker may use this to gain acces...

Server: Auth bypass in user_webdavauth and user_ldap

ownCloud 4.5.4, ownCloud 4.0.9 and all versions previous to this doesn't sufficiently verify whether a request to settings.php was sent by an admin, which allows unauthenticated users to edit app configurations of userwebdavauth and userldap. An unauthenticated attacker may use this to gain acces...

Server: XSS vulnerability in user_webdavauth

A cross-site scripting XSS vulnerability in ownCloud 4.5.x before 4.5.2 allow remote attackers to inject arbitrary web script or HTML via the POST data to settings.php in apps/userwebdavauth/ For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...