Web application abuses : ownCloud <= 3.0.0 Multiple Input Validation Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.103473

Categoría: Web application abuses

Título: ownCloud <= 3.0.0 Multiple Input Validation Vulnerabilities - Active Check

Resumen: ownCloud is prone to a URI open-redirection vulnerability,; multiple cross-site scripting (XSS) vulnerabilities and multiple HTML-injection vulnerabilities; because it fails to properly sanitize user-supplied input.

Descripción: Summary:
ownCloud is prone to a URI open-redirection vulnerability,
multiple cross-site scripting (XSS) vulnerabilities and multiple HTML-injection vulnerabilities
because it fails to properly sanitize user-supplied input.

Vulnerability Impact:
An attacker could leverage the cross-site scripting issues to
execute arbitrary script code in the browser of an unsuspecting user in the context of the
affected site. This may let the attacker steal cookie-based authentication credentials and launch
other attacks.

Attacker-supplied HTML and script code would run in the context of the affected browser,
potentially allowing the attacker to steal cookie-based authentication credentials or control how
the site is rendered to the user. Other attacks are also possible.

Successful exploits may redirect a user to a potentially malicious site. This may aid in phishing
attacks.

Affected Software/OS:
ownCloud 3.0.0 is vulnerable. Other versions may also be
affected.

Solution:
Updates are available. Please see the reference for more
details.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-2269
BugTraq ID: 53145
http://www.securityfocus.com/bid/53145
Bugtraq: 20120418 TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0 (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html
http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt
http://www.openwall.com/lists/oss-security/2012/08/11/1
http://www.openwall.com/lists/oss-security/2012/09/02/2
http://osvdb.org/81206
http://osvdb.org/81207
http://osvdb.org/81208
http://osvdb.org/81209
http://osvdb.org/81210
http://secunia.com/advisories/48850
XForce ISS Database: owncloud-multiple1-xss(75028)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75028
Common Vulnerability Exposure (CVE) ID: CVE-2012-2270
http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html
http://osvdb.org/81211
XForce ISS Database: owncloud-index-open-redirect(75029)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75029
Common Vulnerability Exposure (CVE) ID: CVE-2012-2397
XForce ISS Database: owncloud-unspecified-csrf(75030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75030
Common Vulnerability Exposure (CVE) ID: CVE-2012-2398

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.103473
Categoría:	Web application abuses
Título:	ownCloud <= 3.0.0 Multiple Input Validation Vulnerabilities - Active Check
Resumen:	ownCloud is prone to a URI open-redirection vulnerability,; multiple cross-site scripting (XSS) vulnerabilities and multiple HTML-injection vulnerabilities; because it fails to properly sanitize user-supplied input.
Descripción:	Summary: ownCloud is prone to a URI open-redirection vulnerability, multiple cross-site scripting (XSS) vulnerabilities and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Vulnerability Impact: An attacker could leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Successful exploits may redirect a user to a potentially malicious site. This may aid in phishing attacks. Affected Software/OS: ownCloud 3.0.0 is vulnerable. Other versions may also be affected. Solution: Updates are available. Please see the reference for more details. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2269 BugTraq ID: 53145 http://www.securityfocus.com/bid/53145 Bugtraq: 20120418 TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0 (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt http://www.openwall.com/lists/oss-security/2012/08/11/1 http://www.openwall.com/lists/oss-security/2012/09/02/2 http://osvdb.org/81206 http://osvdb.org/81207 http://osvdb.org/81208 http://osvdb.org/81209 http://osvdb.org/81210 http://secunia.com/advisories/48850 XForce ISS Database: owncloud-multiple1-xss(75028) https://exchange.xforce.ibmcloud.com/vulnerabilities/75028 Common Vulnerability Exposure (CVE) ID: CVE-2012-2270 http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html http://osvdb.org/81211 XForce ISS Database: owncloud-index-open-redirect(75029) https://exchange.xforce.ibmcloud.com/vulnerabilities/75029 Common Vulnerability Exposure (CVE) ID: CVE-2012-2397 XForce ISS Database: owncloud-unspecified-csrf(75030) https://exchange.xforce.ibmcloud.com/vulnerabilities/75030 Common Vulnerability Exposure (CVE) ID: CVE-2012-2398
Copyright	Copyright (C) 2012 Greenbone AG