ownCloud Multiple Security Vulnerabilities

ownCloud is prone to the following security vulnerabilities:

1. Multiple cross-site scripting vulnerabilities
2. An open-redirection vulnerability
3. Multiple security-bypass vulnerability
4. An arbitrary file-upload vulnerability
5. Multiple directory-traversal vulnerabilities
6. Multiple SQL-injection vulnerabilities

Attackers can exploit these issues to bypass certain security restrictions, gain access to arbitrary files, steal cookie-based authentication information, upload and execute arbitrary PHP code in the context of the web server, redirect an user to a potentially malicious site which may aid in phishing attacks, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database; other attacks are also possible.


Privacy Statement
Copyright 2010, SecurityFocus