309 matches found
Server: Auth bypass in index.php
index.php before ownCloud 4.0.7 does not properly validate the octoken cookie, which allows remote attackers to bypass authentication via a crafted octoken cookie value. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Multiple stored XSS - ownCloud
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the calendar displayname to part.choosecalendar.rowfields.php or part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; unspecified vectors to...
Server: Multiple stored XSS
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the calendar displayname to part.choosecalendar.rowfields.php or part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; unspecified vectors to...
Several CSRF security fixes - ownCloud
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use addBookmark.php in bookmarks/ajax/, delBookmark.php in bookmarks/ajax/, editBookmark.php in bookmarks/ajax/...
Auth bypass in index.php - ownCloud
ownCloud 4.0.6 and all earlier versions do not sufficiently verify whether a request to appconfig.php was sent by an admin, which allows remote authenticated users to edit app configurations. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393. Affected...
Server: Auth bypass in index.php
ownCloud 4.0.6 and all earlier versions do not sufficiently verify whether a request to appconfig.php was sent by an admin, which allows remote authenticated users to edit app configurations. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393. For more...
Server: Several CSRF security fixes
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use addBookmark.php in bookmarks/ajax/, delBookmark.php in bookmarks/ajax/, editBookmark.php in bookmarks/ajax/...
Reflected XSS - ownCloud
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirecturl parameter. Affected Software ownCloud Server 4.0.3 CVE-2012-4395 Action Taken It is recommended that all instances are upgraded to ownClo...
Server: Reflected XSS
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirecturl parameter. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...