309 matches found
Multiple stored XSS in "contacts" application - ownCloud
Due to not sanitising all user provided input, the "contacts" application shipped with the mentioned ownCloud versions is vulnerable to multiple stored cross-site scripting attacks. The "contacts" application is enabled by default in the ownCloud Community Edition but not shipped with the ownClou...
Server: Bypass of file blacklist on Microsoft Windows Platform
A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud Server versions, when running on a Microsoft Windows Platform, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could...
Server: Multiple stored XSS in "contacts" application
Due to not sanitising all user provided input, the "contacts" application shipped with the mentioned ownCloud versions is vulnerable to multiple stored cross-site scripting attacks. The "contacts" application is enabled by default in the ownCloud Community Edition but not shipped with the ownClou...
Server: Bypass of file blacklist
A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud versions, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could leverage this bypass by uploading a .htaccess and execute...
Server: Multiple stored XSS in "documents" application
Due to not sanitising all user provided input, the "documents" application shipped with the mentioned ownCloud versions is vulnerable to multiple stored cross-site scripting attacks. The "documents" application is enabled by default in the ownCloud Community Edition but not shipped with the...
Stored XSS in "bookmarks" application - ownCloud
Due to not sanitising all user provided input, the "bookmarks" application shipped with the below mentioned ownCloud versions is vulnerable to a stored Cross-site scripting attack. The "bookmarks" application is disabled by default. Abusing this vulnerability requires the user to import a malicio...
CSRF in "bookmarks" application - ownCloud
Due to not verifying the CSRF token on the import functionality of the "bookmarks" application, it was vulnerable against CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...
Local file disclosure due to the preview system - ownCloud
ownCloud includes a preview system which generates the small thumbnails shown in the file list of the web interface. This functionality can be controlled with the enablepreviews switch in config.php and is enabled by default. Multiple unspecified vulnerabilities have been found within the preview...
ACLs not properly enforced in "documents" application - ownCloud
The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. This application uses strong and very long random "Session IDs" to limit access to specific resources. Knowledge of this ID allows...
Bypass of shared files password protection in "documents" application - ownCloud
The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. Due to missing access control within the API of this application, the password-protection of shared files can be bypassed. Affecte...
Potential local file disclosure - ownCloud
ownCloud offers the OCUtil::getUrlContent to developers. Using this function applications can download content from remote websites. Due to a newly introduced bug in this functionality it was following redirects to other protocols such as file://. Thus, an attacker may be able to gain access to...
Login bypass when using the external FTP user backend - ownCloud
ownCloud provides multiple user backends that can be used to authenticate users. One of those backend providers is "userexternal", which authenticates users against FTP, IMAP or SMB servers. This is mainly useful when it is not possible to authenticate against an LDAP server. The FTP backend...
Local Path Disclosure when using Asset Pipeline - ownCloud
ownCloud 7 introduced the so-called "Asset Pipeline". It is disabled by default, but can be enabled by setting asset-pipeline.enabled to true in config.php When the setting is enabled ownCloud concatenates all CSS and JS files into a single large blob file. Thus the amount of initial required...
Login bypass when using user_ldap due to unauthenticated binds - ownCloud
"userldap" in the web-interface called "LDAP user and group backend" is an optional authentication backend for ownCloud for using LDAP users and groups within the ownCloud web application. The ownCloud team has discovered a vulnerability within the "userldap" application which, depending on the...
Server: Login bypass when using the external FTP user backend
ownCloud provides multiple user backends that can be used to authenticate users. One of those backend providers is "userexternal", which authenticates users against FTP, IMAP or SMB servers. This is mainly useful when it is not possible to authenticate against an LDAP server. The FTP backend...
Server: Local Path Disclosure when using Asset Pipeline
ownCloud 7 introduced the so-called "Asset Pipeline". It is disabled by default, but can be enabled by setting asset-pipeline.enabled to true in config.php When the setting is enabled ownCloud concatenates all CSS and JS files into a single large blob file. Thus the amount of initial required...
Server: CSRF in "bookmarks" application
Due to not verifying the CSRF token on the import functionality of the "bookmarks" application, it was vulnerable against CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...
Server: Login bypass when using user_ldap due to unauthenticated binds
"userldap" in the web-interface called "LDAP user and group backend" is an optional authentication backend for ownCloud for using LDAP users and groups within the ownCloud web application. The ownCloud team has discovered a vulnerability within the "userldap" application which, depending on the...
Server: Stored XSS in "bookmarks" application
Due to not sanitising all user provided input, the "bookmarks" application shipped with the below mentioned ownCloud versions is vulnerable to a stored Cross-site scripting attack. The "bookmarks" application is disabled by default. Abusing this vulnerability requires the user to import a malicio...
Server: Potential local file disclosure
ownCloud offers the OCUtil::getUrlContent to developers. Using this function applications can download content from remote websites. Due to a newly introduced bug in this functionality it was following redirects to other protocols such as file://. Thus, an attacker may be able to gain access to...
Server: Bypass of shared files password protection in "documents" application
The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. Due to missing access control within the API of this application, the password-protection of shared files can be bypassed. For mor...
Server: ACLs not properly enforced in "documents" application
The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. This application uses strong and very long random "Session IDs" to limit access to specific resources. Knowledge of this ID allows...
Server: Local file disclosure due to the preview system
ownCloud includes a preview system which generates the small thumbnails shown in the file list of the web interface. This functionality can be controlled with the enablepreviews switch in config.php and is enabled by default. Multiple unspecified vulnerabilities have been found within the preview...
Insufficient RSA Host Key validation in files_external (SFTP driver) - ownCloud
The SFTP external storage driver was verifying the RSA Host Key after logging in. This allows for a man-in-the-middle MITM attack even if the host key is already known and can be validated. Basically, at the point where the host key was validated, the secret has already been given away. It should...
Server: Insufficient RSA Host Key validation in files_external (SFTP driver)
The SFTP external storage driver was verifying the RSA Host Key after logging in. This allows for a man-in-the-middle MITM attack even if the host key is already known and can be validated. Basically, at the point where the host key was validated, the secret has already been given away. It should...
Server: Local file inclusion in core
Due to an improper control of the filename for a requireonce statement in the routing component a limited local file inclusion vulnerability is existent in all below mentioned ownCloud versions. Depending on the ownCloud configuration and the authentication state of a remote attacker this...
Local file inclusion in core - ownCloud
Due to an improper control of the filename for a requireonce statement in the routing component a limited local file inclusion vulnerability is existent in all below mentioned ownCloud versions. Depending on the ownCloud configuration and the authentication state of a remote attacker this...
Users can mount the local filesystem - ownCloud
Due to an insufficient permission check authenticated users are able to access preview pictures of others users. Affected Software ownCloud Server 6.0.1 Action Taken It is recommended that all instances are upgraded to ownCloud Server 6.0.2. Acknowledgements The ownCloud team thanks the following...
Users can mount the local filesystem - ownCloud
Due to not properly sanitzing the mount configuration authenticated users are able to mount the local filesystem into their ownCloud. A successful exploit requires the filesexternal app to be enabled. Affected Software ownCloud Server 6.0.2 ownCloud Server 5.0.15 Action Taken It is recommended th...
Multiple XSS - ownCloud
Multiple stored and reflected XSS have been adressed. Affected Software ownCloud Server 6.0.2 Action Taken Acknowledgements The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory: Dirk van Veen - Itq [email protected] - Vulnerability...
XXE in multiple third party components - ownCloud
Multiple third party components of ownCloud are vulnerable to XXE attacks, which may lead to: Local File Disclosure Server Side Request Forgery DoS Code Execution depending on the PHP wrappers … The following libraries are affected: ZendFramework: CVE-2014-2052 GetID3: CVE-2014-2053 PHPExcel:...
LDAP injection - ownCloud
Due to not properly sanitizing the LDAP queries an attacker is able to: Gain information about existing LDAP users Modify the login query, e.g. with a wildcard Affected Software ownCloud Server 6.0.2 CVE-2014-2047 ownCloud Server 5.0.15 CVE-2014-2049 Action Taken All LDAP queries have been review...
Host Header Poisoning - ownCloud
Due to trusting user supplied input and interpret it as Host header an attacker is able to craft a password reset mail with a link pointing to his own site. If a user clicks on the link or a software e.g. antivirus is accessing the link the attacker is able to reset the user password. Affected...
Insecure Flash Cross Domain policies - ownCloud
Due to insecure Flash Cross Domain policies an attacker might gain access to stored files of the user. Affected Software ownCloud Server 6.0.2 CVE-2014-2047 ownCloud Server 5.0.15 CVE-2014-2049 Action Taken All packaged Flash files have been audited whether they have potentially insecure Cross...
Insecure OpenID implementation - ownCloud
Due to an insecure OpenID implementation used by useropenid in ownCloud 5 it is possible to log-into a system using an arbitrary OpenID Account without knowing any secret information, i.e. the password, about it by using a malicious OpenID provider. Affected Software ownCloud Server 5.0.15...
Session Fixation - ownCloud
Due to authenticating a user without invalidating any existing session identifier an attacker has the opportunity to steal authenticated sessions. A successful exploit requires that PHP is configured to accept session parameters via GET. Affected Software ownCloud Server 6.0.2 CVE-2014-2047 Actio...
Server: Insecure Flash Cross Domain policies
Due to insecure Flash Cross Domain policies an attacker might gain access to stored files of the user. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: LDAP injection
Due to not properly sanitizing the LDAP queries an attacker is able to: Gain information about existing LDAP users Modify the login query, e.g. with a wildcard For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: Host Header Poisoning
Due to trusting user supplied input and interpret it as Host header an attacker is able to craft a password reset mail with a link pointing to his own site. If a user clicks on the link or a software e.g. antivirus is accessing the link the attacker is able to reset the user password. For more...
Server: Multiple XSS
Multiple stored and reflected XSS have been adressed. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: Session Fixation
Due to authenticating a user without invalidating any existing session identifier an attacker has the opportunity to steal authenticated sessions. A successful exploit requires that PHP is configured to accept session parameters via GET. For more information please consult the official advisory...
Server: Users can mount the local filesystem
Due to an insufficient permission check authenticated users are able to access preview pictures of others users. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Server: XXE in multiple third party components
Multiple third party components of ownCloud are vulnerable to XXE attacks, which may lead to: Local File Disclosure Server Side Request Forgery DoS Code Execution depending on the PHP wrappers … The following libraries are affected: ZendFramework: CVE-2014-2052 GetID3: CVE-2014-2053 PHPExcel:...
Server: Users can mount the local filesystem
Due to not properly sanitzing the mount configuration authenticated users are able to mount the local filesystem into their ownCloud. A successful exploit requires the filesexternal app to be enabled. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4....
Server: Insecure OpenID implementation
Due to an insecure OpenID implementation used by useropenid in ownCloud 5 it is possible to log-into a system using an arbitrary OpenID Account without knowing any secret information, i.e. the password, about it by using a malicious OpenID provider. For more information please consult the officia...
Deserialization of Untrusted Data in core - ownCloud
Due to the deserialization of unstrusted data in core an attacker might be able to delete arbitrary files from the filesystem or executing arbitrary SQL queries. This issue has been found in a widely used third-party library, we have removed the component due to general quality concerns from the...
Improper authorization checks in core - ownCloud
Due to an improper authorization check in core an attacker with access to at least two user account is able to access the file names of other users. Our post-mortem audit showed that this vulnerability does not leak any content of the file or the directory structure except the filename. Affected...
Enumeration of shared files in documents - ownCloud
Due to using the auto-incrementing fileid instead of the random generated token to access files in the documents app an authenticated users could enumerate shared files of other users. Affected Software ownCloud Server 6.0.3 CVE-2014-3837 Action Taken We replaced the usage of fileid with our rand...
CSRF in documents - ownCloud
Due to not verifying whether a request was intentionally provided by the user who submitted an request the documents application is vulnerable against several CSRF attacks. An attacker could have used this to arbitrary modify existing files or rename it. Affected Software ownCloud Server 6.0.3...
Improper authorization checks in files_external - ownCloud
Due to not verifying whether an user has been granted access to add external storages an authenticated user could even mount external storage e.g. SMB/FTP/etc. without permission. Affected Software ownCloud Server 6.0.3 CVE-2014-3835 ownCloud Server 5.0.16 CVE-2014-3835 Action Taken We reviewed t...