309 matches found
Auth bypass in /lib/base.php - ownCloud
/lib/base.php before ownCloud 4.0.8 does not properly validate the userid session variable via WebDAV, which allows authenticated attackers to gain access to other users files. Affected Software ownCloud Server 4.0.8 CVE-2012-5336 Action Taken It is recommended that all instances are upgraded to...
Code execution in /lib/migrate.php - ownCloud
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. Affected Software ownCloud Server 4.0.7 CVE-2012-4389 Action Taken It is...
Multiple stored XSS - ownCloud
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the calendar displayname to part.choosecalendar.rowfields.php part.choosecalendar.rowfields.shared.php in apps/calendar/templates/ unspecified vectors to...
Server: Calendar export: Authorization Bypass Through User-Controlled Key
Due to not properly checking the ownership of an calendar, an authenticated attacker is able to download calendars of other users via the "calid" GET parameter to export.php in /apps/calendar/ For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: Stored XSS in "activity" application
Due to not sanitising all user provided input, the "activity" application shipped with the mentioned ownCloud versions is vulnerable to stored cross-site scripting attacks. The "activity" application is enabled by default in the ownCloud Community Edition and Enterprise Edition. Successful...
Server: Local file disclosure due to the preview system
ownCloud includes a preview system which generates the small thumbnails shown in the file list of the web interface. This functionality can be controlled with the enablepreviews switch in config.php and is enabled by default. Multiple unspecified vulnerabilities have been found within the preview...
Server: Bypass of shared files password protection in "documents" application
The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. Due to missing access control within the API of this application, the password-protection of shared files can be bypassed. For mor...
Server: User enumeration
apps/calendar/appinfo/remote.php and apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
LDAP injection - ownCloud
Due to not properly sanitizing the LDAP queries an attacker is able to: Gain information about existing LDAP users Modify the login query, e.g. with a wildcard Affected Software ownCloud Server 6.0.2 CVE-2014-2047 ownCloud Server 5.0.15 CVE-2014-2049 Action Taken All LDAP queries have been review...
Server: LDAP injection
Due to not properly sanitizing the LDAP queries an attacker is able to: Gain information about existing LDAP users Modify the login query, e.g. with a wildcard For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Improper authorization checks in contacts - ownCloud
Due to not verifying whether an user has been granted access to an address book, authenticated users are able to access arbitrary contacts of other users. Affected Software ownCloud Server 6.0.3 CVE-2014-3834 Action Taken We reviewed the access-control of the contacts application and ensured that...
Multiple SQL injection - ownCloud
ownCloud before 5.0.6 does not neutralize special elements that are passed to the SQL query in lib/db.php which therefore allows an authenticated attacker to execute arbitrary SQL commands. CVE-2013-2045 ownCloud before 5.0.6 and 4.5.11 does not neutralize special elements that are passed to the...
Server: CSRF token leakage
The configuration loader in ownCloud 5.0.x before 5.0.6 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: Information disclosure
Due to the inclusion of the Amazon SDK testing suite an unauthenticated attacker is able to gain additional informations about the server including: the PHP version the cURL version informations wether the following functions/modules are available: SimpleXML DOM SPL JSON PCRE File System Read/Wri...
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5 and 4.0.10 and all prior versions allow remote attackers to inject arbitrary web script or HTML via the GET parameters to resetpassword.php in core/lostpassword/templates/ CVE-2013-0201 Commits: c05c8ab stable45, 4e2b834 stable4...
Server: XSS vulnerability in user_webdavauth
A cross-site scripting XSS vulnerability in ownCloud 4.5.x before 4.5.2 allow remote attackers to inject arbitrary web script or HTML via the POST data to settings.php in apps/userwebdavauth/ For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Timing attack on the password reset - ownCloud
The "Lost Password" implementation is vulnerable to a Remote Timing Attack. The token used to secure the password reset is fetched from the database and compared to the user-specified value using the equals operator. An attacker successfully rebuilding the token can then specify an arbitrary...
Server: Insufficiently random values
The rand and mtrand functions in PHP 5.4.x do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in ownCloud 4.0.x. For...
Server: Code execution in /lib/migrate.php
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. For more information please consult the official advisory. This advisory...
Information Exposure Through Directory Listing in the file scanner - ownCloud
Due to an incorrect usage of an ownCloud internal file system function the passed path to the file scanner was resolved relatively. An authenticated adversary may thus be able to get a listing of directories but not the containing files existing on the filesystem. However, it is not possible to...
Mobile App: Improper validation of certificates within the iOS application
The ownCloud iOS Library was vulnerable against a remotely exploitable certification problem until version 1.1.2. The vulnerable library version is used by the official ownCloud iOS client until version 3.4.4. Specifically it has been discovered that the used networking library AFNetworking is pe...
Login bypass when using the external FTP user backend - ownCloud
ownCloud provides multiple user backends that can be used to authenticate users. One of those backend providers is "userexternal", which authenticates users against FTP, IMAP or SMB servers. This is mainly useful when it is not possible to authenticate against an LDAP server. The FTP backend...
Server: Multiple XSS vulnerabilities
Cross-site scripting XSS vulnerabilities in multiple files inside the media application via multiple unspecified vectors in all ownCloud versions prior to 5.0.6 and other versions before 4.0.15 allows authenticated remote attackers to inject arbitrary web script or HTML. CVE-2013-2040 Cross-site...
Server: Open redirector
Open redirect vulnerability in index.php aka the Login Page in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirecturl parameter. For more information please consult the official advisory. This advisory is...
Server: Privilege escalation in the contacts application
Due to not properly checking the ownership of a single contact, an authenticated attacker is able to download contacts of other users in all ownCloud versions prior to 5.0.5 including the 4.5.x branch. Note: Successful exploitation of this privilege escalation requires the "contacts" app to be...
Server: Incomplete blacklist vulnerability
Incomplete blacklist vulnerability in apps/contacts/import.php and apps/contacts/ajax/uploadimport.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to upload a .htaccess file and therefore the execution of arbitrary PHP code in a standard Apache installation. For mo...
Reflected XSS in the file list - ownCloud
Cross-site scripting XSS vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. Affected Software ownCloud Server 4.0.5 CVE-2012-4394 Action Taken It is recommended that all instances are upgraded ...
Server: PHP arbitrary class instantiation in "files_external"
A user may instantiate arbitrary ownCloud classes due to a lack of a proper check of the mount point options provided by a user via the web front end. These may include constructor arguments and could potentially lead to a remote code execution. For more information please consult the official...
Stored XSS in "activity" application - ownCloud
Due to not sanitising all user provided input, the "activity" application shipped with the mentioned ownCloud versions is vulnerable to stored cross-site scripting attacks. The "activity" application is enabled by default in the ownCloud Community Edition and Enterprise Edition. Successful...
Bypass of file blacklist on Microsoft Windows Platform - ownCloud
A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud Server versions, when running on a Microsoft Windows Platform, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could...
Server: ACLs not properly enforced in "documents" application
The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. This application uses strong and very long random "Session IDs" to limit access to specific resources. Knowledge of this ID allows...
Server: CSRF in documents
Due to not verifying whether a request was intentionally provided by the user who submitted an request the documents application is vulnerable against several CSRF attacks. An attacker could have used this to arbitrary modify existing files or rename it. For more information please consult the...
Server: Multiple directory traversals
Multiple directory traversal vulnerabilities in 1 apps/filestrashbin/index.php via the "dir" GET parameter and 2 lib/files/view.php via undefined vectors in all ownCloud versions prior to 5.0.6 and other versions before 4.0.15, allow authenticated remote attackers to get access to arbitrary local...
XSS Vulnerability in MediaElement.js - ownCloud
A cross-site scripting XSS vulnerability in all ownCloud versions prior to 5.0.5 including the 4.5.x branch allows remote attackers to execute arbitrary javascript when a user opens a special crafted URL. This vulnerability exists in the bundled 3rdparty plugin "MediaElement.js", "MediaElement.js...
Code execution in external storage - ownCloud
Due to not sufficiently sanitizing the user input in "settings/personal.php" in ownCloud 4.5.x before 4.5.6 an authenticated remote attackers may be able to execute arbitrary code by entering special crafted PHP code in the mount point settings. Affected Software ownCloud Server 4.5.6 CVE-2013-02...
User enumeration - ownCloud
apps/calendar/appinfo/remote.php and apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. Affected Software ownCloud Server 4.0.7 CVE-2012-4390 Action Taken It is recommended that all instances are...
Server: Several CSRF security fixes
Multiple cross-site request forgery CSRF vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use addBookmark.php in bookmarks/ajax/ delBookmark.php in bookmarks/ajax/ editBookmark.php in bookmarks/ajax/...
Security advisory: Normal user can somehow make admin to delete shared folders
Platform: ownCloud Server Versions: 10.0.2 Date: 5/31/2017 Risk level: Medium CVSS v3 Base Score: 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CWE: Improper Privilege Management CWE-269 HackerOne report:Â 166581...
Improper validation of certificates when using self-signed certificates - ownCloud
The ownCloud Desktop Client was vulnerable against MITM attacks until version 2.0.0 in combination with self-signed certificates. To be exploitable the following conditions have to be met: The connection to the remote ownCloud server must be secured using a self-signed certificate which the user...
Improper validation of certificates when using self-signed certificates 2.0.1
The ownCloud Desktop Client was vulnerable against MITM attacks until version 2.0.0 in combination with self-signed certificates. To be exploitable the following conditions have to be met:...
Server: Disclosure of users files when deleting parent folders of shared files
Due to a common incorrect usage of the getPath function of the ownCloud virtual filesystem multiple security issues occurred. Especially the function may return null in case the specified file does not exist anymore. When passing the result of getPath in combination with null to functions that...
Server: Improper authorization checks in documents
Due to not verifying whether an user has permission to rename files of other users an authenticated user could rename files of other users without permission. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: Enumeration of shared files in documents
Due to using the auto-incrementing fileid instead of the random generated token to access files in the documents app an authenticated users could enumerate shared files of other users. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: Code execution in external storage
Due to not sufficiently sanitizing the user input in "settings/personal.php" in ownCloud 4.5.x before 4.5.6 an authenticated remote attackers may be able to execute arbitrary code by entering special crafted PHP code in the mount point settings. For more information please consult the official...
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the readyCallback parameter to PUT.swf in apps/filesodfviewer/src/webodf/webodf/flashput/ the root parameter to index.php in apps/gallery/templates/ a...
Server: HTTP header injection
A Header injection vulnerability in ownCloud before 4.0.8 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the HTTP url path parameter to index.php. For more information please consult the official advisory. This advisory is...
Credentials potentially leaked to other configured ownCloud instance - ownCloud
A bug in the ownCloud iOS application below version 3.4.4 may leak credentials as well as cookies used for authentication purposes to other configured ownCloud instances. Specifically, the ownCloud iOS application allows users to connect to multiple ownCloud instances offering an easy way to swit...
Server: Multiple stored XSS in "documents" application
Due to not sanitising all user provided input, the "documents" application shipped with the mentioned ownCloud versions is vulnerable to multiple stored cross-site scripting attacks. The "documents" application is enabled by default in the ownCloud Community Edition but not shipped with the...
Session Fixation - ownCloud
Due to authenticating a user without invalidating any existing session identifier an attacker has the opportunity to steal authenticated sessions. A successful exploit requires that PHP is configured to accept session parameters via GET. Affected Software ownCloud Server 6.0.2 CVE-2014-2047 Actio...
contacts: SQL Injection - ownCloud
ownCloud before 5.0.1 does not neutralize special elements that are passed to the SQL query in addressbookprovider.php which therefore allows an authenticated attacker to execute arbitrary SQL commands. Affected Software ownCloud Server 5.0.1 CVE-2013-1893 Action Taken It is recommended that all...