Page 8 of 120 results (0.005 seconds)

CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 1

ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php. ownCloud Server en versiones anteriores a 8.0.10, 8.1.x en versiones anteriores a 8.1.5 y 8.2.x en versiones anteriores a 8.2.2 permite a usuarios remotos autenticados obtener información sensible desde un listado de directorio y posiblemente provocar una denegación de servicio (consumo de CPU) a través del parámetro force en index.php/apps/files/ajax/scan.php. ownCloud versions 8.2.1 and below, 8.1.4 and below, and 8.0.9 and below suffer from an information exposure vulnerability via directory listings. • http://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html http://www.securityfocus.com/archive/1/537244/100/0/threaded http://www.securityfocus.com/archive/1/537556/100/0/threaded https://owncloud.org/security/advisory/?id=oc-sa-2016-002 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. Aplicación ownCloud iOS en versiones anteriores a 3.4.4 no cambia adecuadamente el estado entre múltiples instancias, lo que permite a administradores remotos de instancias obtener información sensible de credencial y cookie mediante lectura de cabeceras de autenticación. • https://owncloud.org/security/advisory/?id=oc-sa-2015-013 • CWE-522: Insufficiently Protected Credentials •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php. icewind1991 SMB en versiones anteriores a 1.0.3 permite a usuarios remotos autenticados ejecutar comandos SMB arbitrarios a través de metacaracteres de shell en el argumento user en la función (1) listShares en server.php o (2) connect o (3) read en Share.php. • https://github.com/icewind1991/SMB/commit/33ab10cc4d5c3e48cba3a074b5f9fc67590cd032 https://owncloud.org/security/advisory/?id=oc-sa-2015-017 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 28%CPEs: 5EXPL: 0

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. Vulnerabilidad de salto de directorio en el componente routing en ownCloud Server en versiones anteriores a 7.0.6 y 8.0.x en versiones anteriores a 8.0.4, cuando se ejecuta en Windows, permite a atacantes remotos reinstalar la aplicación o ejecutar código arbitrario a través de vectores no especificados. • http://www.debian.org/security/2015/dsa-3373 http://www.securityfocus.com/bid/76159 https://owncloud.org/security/advisory/?id=oc-sa-2015-006 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names. El componente de saneo de nombre de archivo en ownCloud Server en versiones anteriores a 6.0.8, 7.0.x en versiones anteriores a 7.0.6 y 8.0.x en versiones anteriores a 8.0.4 no maneja correctamente la proyección de parámetros $_GET por PHP a un array, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo del archivo log) a través de nombres de archivo de terminal manipulados. • http://www.debian.org/security/2015/dsa-3373 http://www.securityfocus.com/bid/76161 https://owncloud.org/security/advisory/?id=oc-sa-2015-007 • CWE-399: Resource Management Errors •