Page 7 of 35 results (0.003 seconds)

CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 1

ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php. ownCloud Server en versiones anteriores a 8.0.10, 8.1.x en versiones anteriores a 8.1.5 y 8.2.x en versiones anteriores a 8.2.2 permite a usuarios remotos autenticados obtener información sensible desde un listado de directorio y posiblemente provocar una denegación de servicio (consumo de CPU) a través del parámetro force en index.php/apps/files/ajax/scan.php. ownCloud versions 8.2.1 and below, 8.1.4 and below, and 8.0.9 and below suffer from an information exposure vulnerability via directory listings. • http://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html http://www.securityfocus.com/archive/1/537244/100/0/threaded http://www.securityfocus.com/archive/1/537556/100/0/threaded https://owncloud.org/security/advisory/?id=oc-sa-2016-002 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-399: Resource Management Errors •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php. icewind1991 SMB en versiones anteriores a 1.0.3 permite a usuarios remotos autenticados ejecutar comandos SMB arbitrarios a través de metacaracteres de shell en el argumento user en la función (1) listShares en server.php o (2) connect o (3) read en Share.php. • https://github.com/icewind1991/SMB/commit/33ab10cc4d5c3e48cba3a074b5f9fc67590cd032 https://owncloud.org/security/advisory/?id=oc-sa-2015-017 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0

Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php. Vulnerabilidad de salto de directorio en ownCloud Server en versiones anteriores a 8.0.6 y 8.1.x en versiones anteriores a 8.1.1 permite a usuarios remotos autenticados listar contenidos del directorio y posiblemente provocar una denegación de servicio (consumo de la CPU) a través de .. (punto punto) en el parámetro dir en index.php/apps/files/ajax/scan.php. • http://www.debian.org/security/2015/dsa-3373 https://owncloud.org/security/advisory/?id=oc-sa-2015-014 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-048.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-399: Resource Management Errors •

CVSS: 4.0EPSS: 0%CPEs: 14EXPL: 0

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php. ownCloud Server en versiones anteriores a 7.0.8, 8.0.x en versiones anteriores a 8.0.6 y 8.1.x en versiones anteriores a 8.1.1 no verifica adecuadamente el propietario de los calendarios, lo que permite a usuarios remotos autenticados leer calendarios arbitrariamente a través del parámetro calid en apps/calendar/export.php. • http://www.debian.org/security/2015/dsa-3373 https://owncloud.org/security/advisory/?id=oc-sa-2015-015 •

CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 0

The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore." La aplicación files_external en ownCloud Server en versiones anteriores a 7.0.9, 8.0.x en versiones anteriores a 8.0.7 y 8.1.x en versiones anteriores a 8.1.2 permite a usuarios remotos autenticados instanciar clases arbitrarias o posiblemente ejecutar código arbitrario a través de una opción de punto de montaje manipulada, relacionada con 'objectstore'. • http://www.debian.org/security/2015/dsa-3373 https://github.com/owncloud/core/pull/18558 https://owncloud.org/security/advisory/?id=oc-sa-2015-018 • CWE-20: Improper Input Validation •