Owncloud: >> Owncloud Server >> 4.0.5 Security Vulnerabilities
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.
CVSS Score
6.8
EPSS Score
0.017
Published
2012-09-05
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
CVSS Score
4.0
EPSS Score
0.002
Published
2012-09-05
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations.
CVSS Score
6.8
EPSS Score
0.001
Published
2012-09-05
Page 4