
Test ID: 1.3.6.1.4.1.25623.1.0.803742
Category: Web application abuses
Title: ownCloud 4.0.x < 4.0.10, 4.5.x < 4.5.5 Multiple Vulnerabilities - Active Check
Summary: ownCloud is prone to cross-site scripting (XSS) and security bypass vulnerabilities.
Description:
Summary:
ownCloud is prone to cross-site scripting (XSS) and security
bypass vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- The application does not verify permissions when settings.php is
accessed, which can be exploited to change the app configuration for
user_webdavauth and user_ldap and subsequently log in as arbitrary users.

- Certain input passed to apps/bookmark/index.php is not properly sanitised
before being returned to the user.

Vulnerability Impact:
Successful exploitation will allow a remote attacker to execute
arbitrary HTML or script code or disclose sensitive information, resulting in loss of
confidentiality.

Affected Software/OS:
ownCloud versions 4.0.x prior to 4.0.10 and 4.5.x prior to
4.5.5.

Solution:
Update to version 4.0.10, 4.5.5 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2012-5665
BugTraq ID: 57030
http://www.securityfocus.com/bid/57030
http://www.openwall.com/lists/oss-security/2012/12/22/2
http://www.openwall.com/lists/oss-security/2012/12/22/5
http://secunia.com/advisories/51614
XForce ISS Database: owncloud-settings-sec-bypass(80808)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80808
Common Vulnerability Exposure (CVE) ID: CVE-2012-5666
Copyright: Copyright (C) 2013 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.