ID de Prueba:	1.3.6.1.4.1.25623.1.0.804661
Categoría:	Web application abuses
Título:	ownCloud Multiple Vulnerabilities-03 (Jul 2014)
Resumen:	ownCloud is prone to multiple vulnerabilities.
Descripción:	Summary: ownCloud is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Input passed to 'print_unescaped' function in the Documents component is not validated before returning it to users. - Server fails to verify permissions for users that attempt to rename files of other users. - HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. - Program uses the auto-incrementing file_id instead of randomly generated token. Vulnerability Impact: Successful exploitation will allow remote attackers to rename arbitrary files, gain access to arbitrary contacts of other users, perform a Cross-Site Request Forgery attack, enumerate shared files of other users and execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: ownCloud Server 6.0.x before 6.0.3 Solution: Update to version 6.0.3 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3832 Common Vulnerability Exposure (CVE) ID: CVE-2014-3834 Common Vulnerability Exposure (CVE) ID: CVE-2014-3836 Common Vulnerability Exposure (CVE) ID: CVE-2014-3837
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.