ID de Prueba:	1.3.6.1.4.1.25623.1.0.803741
Categoría:	Web application abuses
Título:	ownCloud < 4.0.9, 4.5.x < 4.5.2 Multiple Vulnerabilities - Active Check
Resumen:	ownCloud is prone to cross-site scripting (XSS) and file upload; vulnerabilities.
Descripción:	Summary: ownCloud is prone to cross-site scripting (XSS) and file upload vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An input passed via the filename to apps/files_versions/js/versions.js and apps/files/js/filelist.js and event title to 3rdparty/fullcalendar/js/fullcalendar.js is not properly sanitised before being returned to the user. - Certain unspecified input passed to apps/user_webdavauth/settings.php is not properly sanitised before being returned to the user. - An error due to the lib/migrate.php and lib/filesystem.php scripts are not properly verifying uploaded files. Vulnerability Impact: Successful exploitation will allow remote attacker to execute arbitrary HTML or script code or discloses sensitive information resulting in loss of confidentiality. Affected Software/OS: ownCloud versions prior to 4.0.9 and 4.5.x prior to 4.5.2. Solution: Update to version 4.0.9, 4.5.2 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5606 http://www.openwall.com/lists/oss-security/2012/11/30/3 http://secunia.com/advisories/51357 Common Vulnerability Exposure (CVE) ID: CVE-2012-5607 Common Vulnerability Exposure (CVE) ID: CVE-2012-5608 Common Vulnerability Exposure (CVE) ID: CVE-2012-5609 Common Vulnerability Exposure (CVE) ID: CVE-2012-5610
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.