Web application abuses : ownCloud <= 4.0.10, 4.5.x <= 4.5.5 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.103645

Categoría: Web application abuses

Título: ownCloud <= 4.0.10, 4.5.x <= 4.5.5 Multiple Vulnerabilities - Active Check

Resumen: ownCloud is prone to an arbitrary-code execution vulnerability,; multiple HTML-injection vulnerabilities and multiple cross-site scripting (XSS) vulnerabilities; because it fails to properly sanitize user-supplied input.

Descripción: Summary:
ownCloud is prone to an arbitrary-code execution vulnerability,
multiple HTML-injection vulnerabilities and multiple cross-site scripting (XSS) vulnerabilities
because it fails to properly sanitize user-supplied input.

Vulnerability Impact:
Successful exploits will allow attacker-supplied HTML and script
code to run in the context of the affected browser, potentially allowing the attacker to steal
cookie-based authentication credentials or control how the site is rendered to the user and to
execute arbitrary code in the context of the web server. Other attacks are also possible.

Affected Software/OS:
ownCloud versions through 4.0.10 and 4.5.x through 4.5.5.

Solution:
Vendor updates are available. Please see the references for
more information.

CVSS Score:
4.6

CVSS Vector:
AV:N/AC:H/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-0201
http://osvdb.org/89505
http://osvdb.org/89506
http://osvdb.org/89511
XForce ISS Database: owncloud-mime-token-xss(81475)
https://exchange.xforce.ibmcloud.com/vulnerabilities/81475
Common Vulnerability Exposure (CVE) ID: CVE-2013-0202
https://exchange.xforce.ibmcloud.com/vulnerabilities/81476
https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/
Common Vulnerability Exposure (CVE) ID: CVE-2013-0203
https://exchange.xforce.ibmcloud.com/vulnerabilities/81478
Common Vulnerability Exposure (CVE) ID: CVE-2013-0204

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.103645
Categoría:	Web application abuses
Título:	ownCloud <= 4.0.10, 4.5.x <= 4.5.5 Multiple Vulnerabilities - Active Check
Resumen:	ownCloud is prone to an arbitrary-code execution vulnerability,; multiple HTML-injection vulnerabilities and multiple cross-site scripting (XSS) vulnerabilities; because it fails to properly sanitize user-supplied input.
Descripción:	Summary: ownCloud is prone to an arbitrary-code execution vulnerability, multiple HTML-injection vulnerabilities and multiple cross-site scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input. Vulnerability Impact: Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user and to execute arbitrary code in the context of the web server. Other attacks are also possible. Affected Software/OS: ownCloud versions through 4.0.10 and 4.5.x through 4.5.5. Solution: Vendor updates are available. Please see the references for more information. CVSS Score: 4.6 CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0201 http://osvdb.org/89505 http://osvdb.org/89506 http://osvdb.org/89511 XForce ISS Database: owncloud-mime-token-xss(81475) https://exchange.xforce.ibmcloud.com/vulnerabilities/81475 Common Vulnerability Exposure (CVE) ID: CVE-2013-0202 https://exchange.xforce.ibmcloud.com/vulnerabilities/81476 https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/ Common Vulnerability Exposure (CVE) ID: CVE-2013-0203 https://exchange.xforce.ibmcloud.com/vulnerabilities/81478 Common Vulnerability Exposure (CVE) ID: CVE-2013-0204
Copyright	Copyright (C) 2013 Greenbone AG