Owncloud: >> Owncloud >> 5.0.4 Security Vulnerabilities
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter.
CVSS Score
4.0
EPSS Score
0.003
Published
2014-03-14
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data.
CVSS Score
4.6
EPSS Score
0.004
Published
2014-03-14
Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.004
Published
2014-03-14
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-03-14
The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.
CVSS Score
6.8
EPSS Score
0.003
Published
2013-12-24
Page 7