Page 14 of 68 results (0.006 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en ownCloud anterior a 6.0.2, cuando PHP está configurado para aceptar parámetros de sesión mediante una solicitud GET, permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://owncloud.org/about/security/advisories/oC-SA-2014-001 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 0%CPEs: 52EXPL: 0

The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors. Las políticas de Flash Cross Domain por defecto en ownCloud anterior a 5.0.15 y 6.x anterior a 6.0.2 permite a atacantes remotos acceder a archivos de usuario a través de vectores no especificados. • http://owncloud.org/about/security/advisories/oC-SA-2014-003 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. Vulnerabilidad Cross-Site Scripting (XSS) en ownCloud en versiones anteriores a la 6.0.1 permite que atacantes remotos autenticados inyecten scripts web o HTLM arbitrarios mediante el nombre de archivo de un archivo subido. ownCloud version 6.0.0a suffers from file deletion, cross site request forgery, and cross site scripting vulnerabilities. It has also been reported that the same cross site scripting issue also affects Pydio version 5.20. • https://www.exploit-db.com/exploits/31427 http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html http://www.securityfocus.com/bid/65457 https://exchange.xforce.ibmcloud.com/vulnerabilities/91012 https://packetstormsecurity.com/files/125086 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •