RETIRED: ownCloud Multiple Security Vulnerabilities

ownCloud is prone to the following security vulnerabilities:

1. Multiple cross-site scripting vulnerabilities
2. An open-redirection vulnerability
3. Multiple security-bypass vulnerabilities
4. An arbitrary file-upload vulnerability
5. Multiple directory-traversal vulnerabilities
6. Multiple SQL-injection vulnerabilities

Attackers can exploit these issues to bypass certain security restrictions, gain access to arbitrary files, steal cookie-based authentication information, upload and execute arbitrary PHP code in the context of the web server, redirect a user to a potentially malicious site (which may aid in phishing attacks), compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks are also possible.

This BID is being retired. The following individual records exist to better document the issues:

59975 ownCloud CVE-2013-2048 Security Bypass Vulnerability
59966 ownCloud 'calendar_id' Parameter Security Bypass Vulnerability
59969 ownCloud 'lib/bookmarks.php' Script CVE-2013-2046 SQL Injection Vulnerability
59968 ownCloud CVE-2013-2089 Arbitrary File Upload Vulnerability
59962 ownCloud CVE-2013-2044 Open Redirection Vulnerability
59961 ownCloud 'lib/db.php' Script CVE-2013-2045 SQL Injection Vulnerability
59950 ownCloud CVE-2013-2040 Multiple Cross Site Scripting Vulnerabilities
59951 ownCloud CVE-2013-2041 Multiple Cross Site Scripting Vulnerabilities
59952 ownCloud CVE-2013-2042 Multiple Cross Site Scripting Vulnerabilities
59949 ownCloud CVE-2013-2085 Directory Traversal Vulnerability
59947 ownCloud CVE-2013-2039 Directory Traversal Vulnerability

Copyright 2010, SecurityFocus