Page 23 of 126 results (0.016 seconds)

CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0

Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name. Vulnerabilidad lista negra incompleta en lib/filesystem.php en ownCloud antes de v4.0.9 y v4.5.x antes de v4.5.2 permite a usuarios remotos autenticados ejecutar código PHP arbitrario mediante la carga de un archivo con un nombre especial manipulado. • http://owncloud.org/changelog http://owncloud.org/security/advisories/oc-sa-2012-005 http://secunia.com/advisories/51357 http://www.openwall.com/lists/oss-security/2012/11/30/3 https://github.com/owncloud/core/commit/3cd416b667 https://github.com/owncloud/core/commit/4b86c43 https://github.com/owncloud/core/commit/6540c0fc63 https://github.com/owncloud/core/commit/f599267 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en ownCloud anterior a v4.0.9 y v4.5.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) nombre de archivo a apps/files_versions/js/versions.js (2) apps/files/js/filelist.js o (3) titulo del evento a 3rdparty/fullcalendar/js/fullcalendar.js. • http://owncloud.org/changelog http://owncloud.org/security/advisories/oc-sa-2012-001 http://secunia.com/advisories/51357 http://www.openwall.com/lists/oss-security/2012/11/30/3 https://github.com/owncloud/core/commit/ce66759 https://github.com/owncloud/core/commit/e45f36c https://github.com/owncloud/core/commit/e5f2d46 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en ownCloud anterior a v4.0.5, permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas mediante vectores desconocidos(1) . • http://owncloud.org/changelog • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 8

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en ownCloud anterior a v4.0.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) nombre de ficheros para apps/user_ldap/settings.php; (2) url o (3) parámetro título para apps/bookmarks/ajax/editBookmark.php; (4) etiqueta o (5) parámetro page para apps/bookmarks/ajax/updateList.php; (6) identity para apps/user_openid/settings.php; (7) nombre stack en apps/gallery/lib/tiles.php; (8) parámetro root para apps/gallery/templates/index.php; (9) calendar displayname en apps/calendar/templates/part.import.php; (10) calendar uri en apps/calendar/templates/part.choosecalendar.rowfields.php; (11) título, (12) localización, o (13) parámetro descripción en apps/calendar/lib/object.php; (14) ciertos vectores en core/js/multiselect.js; o (15) artist, (16) album, o (17) title comments parámetros en apps/media/lib_scanner.php. • http://www.openwall.com/lists/oss-security/2012/08/11/1 http://www.openwall.com/lists/oss-security/2012/09/02/2 https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027 https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5 https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7 https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438 https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c https://github.com/owncloud&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1

Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en ownCloud anterior a v4.0.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro redirect_url • http://www.openwall.com/lists/oss-security/2012/08/11/1 http://www.openwall.com/lists/oss-security/2012/09/02/2 https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •