309 matches found
Server: Multiple SQL injection
ownCloud before 5.0.6 does not neutralize special elements that are passed to the SQL query in lib/db.php which therefore allows an authenticated attacker to execute arbitrary SQL commands. CVE-2013-2045 ownCloud before 5.0.6 and 4.5.11 does not neutralize special elements that are passed to the...
Server: Auth bypass in /lib/base.php
/lib/base.php before ownCloud 4.0.8 does not properly validate the userid session variable via WebDAV, which allows authenticated attackers to gain access to other users files. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: Multiple reflected XSS
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via file names to apps/userldap/settings.php url or title parameter to apps/bookmarks/ajax/editBookmark.php tag or page parameter to...
Server: Multiple XSS vulnerabilities
Cross-site scripting XSS vulnerabilities in js/viewer.js inside the filesvideoviewer application via multiple unspecified vectors in all ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated remote attackers to inject arbitrary web script or HTML via shared files. CVE-2013-2150...
Server: XSS Vulnerability in MediaElement.js
A cross-site scripting XSS vulnerability in all ownCloud versions prior to 5.0.5 including the 4.5.x branch allows remote attackers to execute arbitrary javascript when a user opens a special crafted URL. This vulnerability exists in the bundled 3rdparty plugin "MediaElement.js", "MediaElement.js...
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in ownCloud 5.0.0 allow remote attackers to inject arbitrary web script or HTML via the "newname" POST parameter to renameTag.php in /apps/bookmarks/ajax/ Commits: 1c63eb1 stable5 Risk: Medium Note: Successful exploitation of this stored XSS...
Multiple CSRF vulnerabilities - ownCloud
Multiple cross-site request forgery CSRF vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions before allows remote attackers to hijack the authentication for users via the “lat” and “lng” POST parameters to guesstimezone.php in /apps/calendar/ajax/settings/ CVE-2013-0299 Commits:...
Server: Multiple code executions
A code executions vulnerability in ownCloud 4.5.6 and 4.0.11 and all prior versions allow authenticated remote attackers to execute arbitrary PHP code via unspecified POST parameters to translations.php in /core/ajax/ Commits: 74e73bc stable4, ece08cd stable45 Risk: Critical A code executions...
Multiple XSS vulnerabilities - ownCloud
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5 and 4.0.10 and all prior versions allow remote attackers to inject arbitrary web script or HTML via the GET parameters to resetpassword.php in core/lostpassword/templates/ CVE-2013-0201 Commits: c05c8ab stable45, 4e2b834 stable4...
HTTP header injection - ownCloud
A Header injection vulnerability in ownCloud before 4.0.8 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the HTTP url path parameter to index.php. Affected Software ownCloud Server 4.0.8 CVE-2012-5057 Action Taken It is...
Server: Reflected XSS
Cross-site scripting XSS vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirecturl parameter. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Mobile App: Credentials potentially leaked to other configured ownCloud instance
A bug in the ownCloud iOS application below version 3.4.4 may leak credentials as well as cookies used for authentication purposes to other configured ownCloud instances. Specifically, the ownCloud iOS application allows users to connect to multiple ownCloud instances offering an easy way to swit...
Server: Command injection when using external SMB storage
The external SMB storage of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands. This was caused by improperly sanitizing the ; character which is interpreted as command separator by smbclient the used software to connect to SMB...
Incomplete blacklist vulnerability - ownCloud
Incomplete blacklist vulnerability in apps/contacts/import.php and apps/contacts/ajax/uploadimport.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to upload a .htaccess file and therefore the execution of arbitrary PHP code in a standard Apache installation. Affect...
Server: user_migrate: Local file disclosure
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to import arbitrary files on the server inside his user account. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Privilege escalation in the calendar application - ownCloud
Due to not properly checking the ownership of an calendar, an authenticated attacker is able to download calendars of other users via the "calid" GET parameter to export.php in /apps/calendar/ Affected Software ownCloud Server 4.5.7 CVE-2013-0304 Action Taken It is recommended that all instances...
Server: Timing attack on the password reset
The "Lost Password" implementation is vulnerable to a Remote Timing Attack. The token used to secure the password reset is fetched from the database and compared to the user-specified value using the equals operator. An attacker successfully rebuilding the token can then specify an arbitrary...
CSRF in appconfig.php - ownCloud
Cross-site request forgery CSRF vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. Affected Software ownCloud Server 4.0.7 CVE-2012-4391 Action Taken It is...
Disclosure of files that begin with ".v" due to unchecked return value - ownCloud
Due to a incorrect usage of the getOwner function of the ownCloud virtual filesystem,done authenticated users with incoming shares of other users are able to access files beginning with ".v" of the sharing user. This can only be exploited if the "filesversions" application is enabled on the serve...
Server: Disclosure of files that begin with ".v" due to unchecked return value
Due to a incorrect usage of the getOwner function of the ownCloud virtual filesystem,done authenticated users with incoming shares of other users are able to access files beginning with ".v" of the sharing user. This can only be exploited if the "filesversions" application is enabled on the serve...
Server: Command injection when using external SMB storage
The external legacy SMB storage not using php-libsmbclient of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands. Effectively this allows an attacker to gain access to any file on the system or overwrite it, potentially leading ...
Server: Resource Exthaustion when sanitizing filenames
The sanitization component for filenames was vulnerable to DoS when parsing specially crafted file names passed via specific endpoints. Effectively this lead to a endless loop filling the log file until the system is not anymore responsive. For more information please consult the official advisor...
Server: Login bypass when using the external FTP user backend
ownCloud provides multiple user backends that can be used to authenticate users. One of those backend providers is "userexternal", which authenticates users against FTP, IMAP or SMB servers. This is mainly useful when it is not possible to authenticate against an LDAP server. The FTP backend...
Insufficient RSA Host Key validation in files_external (SFTP driver) - ownCloud
The SFTP external storage driver was verifying the RSA Host Key after logging in. This allows for a man-in-the-middle MITM attack even if the host key is already known and can be validated. Basically, at the point where the host key was validated, the secret has already been given away. It should...
Server: Improper authorization checks in files_external
Due to not verifying whether an user has been granted access to add external storages an authenticated user could even mount external storage e.g. SMB/FTP/etc. without permission. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Privilege escalation and CSRF in the API - ownCloud
Due to an insufficient permission check, an authenticated attacker is able to execute API commands as administrator. Additionally, an unauthenticated attacker could abuse this flaw as a cross-site request forgery vulnerability. Affected Software ownCloud Server 5.0.6 CVE-2013-2048 Action Taken It...
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the filename to to versions.js in apps/filesversions/js/ the filename to filelist.js in apps/files/js/ the event title to fullcalendar.js in...
Multiple XSS vulnerabilities - ownCloud
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the filename to to versions.js in apps/filesversions/js/ the filename to filelist.js in apps/files/js/ the event title to fullcalendar.js in...
Insufficiently random values - ownCloud
The rand and mtrand functions in PHP 5.4.x do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in ownCloud 4.0.x...
Server Side Request Forgery (SSRF) through user_ldap app - ownCloud
Server Side Request Forgery SSRF vulnerability in the settings of the userldap app. Administration role is necessary for exploitation...
Improper validation of certificates when using self-signed certificates - ownCloud
The ownCloud Desktop Client was vulnerable against MITM attacks until version 1.8.2 in combination with self-signed certificates. To be exploitable the following conditions have to be met: The connection to the remote ownCloud server must be secured using a self-signed certificate which the user...
Server: Stored XSS in "bookmarks" application
Due to not sanitising all user provided input, the "bookmarks" application shipped with the below mentioned ownCloud versions is vulnerable to a stored Cross-site scripting attack. The "bookmarks" application is disabled by default. Abusing this vulnerability requires the user to import a malicio...
Server: Local file inclusion in core
Due to an improper control of the filename for a requireonce statement in the routing component a limited local file inclusion vulnerability is existent in all below mentioned ownCloud versions. Depending on the ownCloud configuration and the authentication state of a remote attacker this...
Host Header Poisoning - ownCloud
Due to trusting user supplied input and interpret it as Host header an attacker is able to craft a password reset mail with a link pointing to his own site. If a user clicks on the link or a software e.g. antivirus is accessing the link the attacker is able to reset the user password. Affected...
Improper authorization checks in documents - ownCloud
Due to not verifying whether an user has permission to rename files of other users an authenticated user could rename files of other users without permission. Affected Software ownCloud Server 6.0.3 CVE-2014-3834 Action Taken We reviewed the access-control of the documents application and ensured...
Local file disclosure when running on Windows - ownCloud
Due to not rejecting "" as path separator in all ownCloud versions prior to 5.0.4 including the 4.x branch an authenticated remote attacker is able to download arbitrary files from the server when running under Windows. This vulnerability exists inside our used DAV implementation "SabreDAV" and...
Server: Local file inclusion on MS Windows Platform
Due to an improper control of the filename for a requireonce statement in the routing component a limited local file inclusion vulnerability is existent in all below mentioned ownCloud versions when running on the MS Windows Platform. Depending on the ownCloud configuration and the authentication...
Bypass of shared files password protection in "documents" application - ownCloud
The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. Due to missing access control within the API of this application, the password-protection of shared files can be bypassed. Affecte...
Server: CSRF in "bookmarks" application
Due to not verifying the CSRF token on the import functionality of the "bookmarks" application, it was vulnerable against CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...
Server: Improper authorization checks in core
Due to an improper authorization check in core an attacker with access to at least two user account is able to access the file names of other users. Our post-mortem audit showed that this vulnerability does not leak any content of the file or the directory structure except the filename. For more...
Open redirector - ownCloud
Open redirect vulnerability in index.php aka the Login Page in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirecturl parameter. Affected Software ownCloud Server 5.0.6 CVE-2013-2044 Action Taken It is...
Server: Auth bypass in index.php
index.php before ownCloud 4.0.7 does not properly validate the octoken cookie, which allows remote attackers to bypass authentication via a crafted octoken cookie value. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: Information Exposure Through Directory Listing in the file scanner
Due to an incorrect usage of an ownCloud internal file system function the passed path to the file scanner was resolved relatively. An authenticated adversary may thus be able to get a listing of files existing on the filesystem. However, it is not possible to access any of these files. This caus...
Users can mount the local filesystem - ownCloud
Due to not properly sanitzing the mount configuration authenticated users are able to mount the local filesystem into their ownCloud. A successful exploit requires the filesexternal app to be enabled. Affected Software ownCloud Server 6.0.2 ownCloud Server 5.0.15 Action Taken It is recommended th...
Insecure Flash Cross Domain policies - ownCloud
Due to insecure Flash Cross Domain policies an attacker might gain access to stored files of the user. Affected Software ownCloud Server 6.0.2 CVE-2014-2047 ownCloud Server 5.0.15 CVE-2014-2049 Action Taken All packaged Flash files have been audited whether they have potentially insecure Cross...
Server: Improper authorization checks in contacts
Due to not verifying whether an user has been granted access to an address book, authenticated users are able to access arbitrary contacts of other users. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Multiple XSS - ownCloud
Due to not sanitising all user provided input the below mentioned ownCloud versions are vulnerable against several XSS attack vectors. ownCloud advises browsers to disable inline JavaScript execution due to the used Content-Security-Policy, this vulnerability is therefore likely not exploitable i...
Multiple XSS vulnerabilities - ownCloud
Multiple cross-site scripting XSS vulnerabilities in ownCloud 5.0.0 allow remote attackers to inject arbitrary web script or HTML via the "newname" POST parameter to renameTag.php in /apps/bookmarks/ajax/ Commits: 1c63eb1 stable5 Risk: Medium Note: Successful exploitation of this stored XSS...
Multiple XSS vulnerabilities - ownCloud
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions allow remote attackers to inject arbitrary web script or HTML via the “sitename” and “siteurl” POST parameters to setsites.php in /apps/external/ajax/ CVE-2013-0297 Commits: e0140a stable45,...
Server: XSS vulnerability in bookmarks
A cross-site scripting XSS vulnerability in ownCloud before 4.5.5 and 4.0.10 allow remote attackers to inject arbitrary web script or HTML via the PATH data to index.php in apps/bookmark/ For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...