CVE-2012-4752
https://notcve.org/view.php?id=CVE-2012-4752
appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393. appconfig.php en ownCloud anterior a v4.0.6 no restringe correctamente el acceso, lo que permite a usuarios remotos autenticados editar las configuraciones de aplicaciones a través de vectores no especificados. NOTA: esto puede ser aprovechado por atacantes no autenticados remotos usando CVE-2012-4393. • http://owncloud.org/changelog http://www.openwall.com/lists/oss-security/2012/08/11/1 http://www.openwall.com/lists/oss-security/2012/09/02/2 https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-4397
https://notcve.org/view.php?id=CVE-2012-4397
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en ownCloud anterior a v4.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del displayname calendar para part.choosecalendar.rowfields.php o (2) part.choosecalendar.rowfields.shared.php en apps/calendar/templates/; o (3) vectores no especificados para apps/contacts/lib/vcard.php. • http://owncloud.org/changelog http://www.openwall.com/lists/oss-security/2012/08/11/1 http://www.openwall.com/lists/oss-security/2012/09/02/2 https://github.com/owncloud/core/commit/00595351400523168e18a08e3ffa5c3b1e7c1f6e https://github.com/owncloud/core/commit/54a371700554ed21a5cb7db03126b6c95ae4cbd3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4390
https://notcve.org/view.php?id=CVE-2012-4390
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. (1) apps/calendar/appinfo/remote.php y (2) apps/contacts/appinfo/remote.php en ownCloud anterior a v4.0.7 permite a usuarios remotos autenticados enumerar los usuarios registrados mediante vectores desconocidos. • http://owncloud.org/changelog http://www.openwall.com/lists/oss-security/2012/09/02/2 https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-4394
https://notcve.org/view.php?id=CVE-2012-4394
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en apps/files/js/filelist.js en ownCloud anterior a v4.0.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro file • http://www.openwall.com/lists/oss-security/2012/08/11/1 http://www.openwall.com/lists/oss-security/2012/09/02/2 https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4389
https://notcve.org/view.php?id=CVE-2012-4389
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. Vulnerabilidad de incompatibilidad en lib/migrate.php en ownCloud anterior a v4.0.7 permite a atacantes remotos ejecutar código arbitrario mediante la carga de un archivo .htaccess en un archivo import.zip y el acceso a un archivo PHP cargado. • http://www.openwall.com/lists/oss-security/2012/09/02/2 https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a •