FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

owncloud -- Multiple security vulnerabilities

Affected packages
owncloud < 5.0.7

Details

VuXML ID d7a43ee6-d2d5-11e2-9894-002590082ac6
Discovery 2013-05-14
Entry 2013-06-11

The ownCloud development team reports:

oC-SA-2013-019 / CVE-2013-2045: Multiple SQL Injections. Credit to Mateusz Goik (aliantsoft.pl).

oC-SA-2013-020 / CVE-2013-[2039,2085]: Multiple directory traversals. Credit to Mateusz Goik (aliantsoft.pl).

oC-SQ-2013-021 / CVE-2013-[2040-2042]: Multiple XSS vulnerabilities. Credit to Mateusz Goik (aliantsoft.pl) and Kacper R. (http://devilteam.pl).

oC-SA-2013-022 / CVE-2013-2044: Open redirector. Credit to Mateusz Goik (aliantsoft.pl).

oC-SA-2013-023 / CVE-2013-2047: Password autocompletion.

oC-SA-2013-024 / CVE-2013-2043: Privilege escalation in the calendar application. Credit to Mateusz Goik (aliantsoft.pl).

oC-SA-2013-025 / CVE-2013-2048: Privilege escalation and CSRF in the API.

oC-SA-2013-026 / CVE-2013-2089: Incomplete blacklist vulnerability.

oC-SA-2013-027 / CVE-2013-2086: CSRF token leakage.

oC-SA-2013-028 / CVE-2013-[2149-2150]: Multiple XSS vulnerabilities.

References

CVE Name CVE-2013-2039
CVE Name CVE-2013-2040
CVE Name CVE-2013-2041
CVE Name CVE-2013-2042
CVE Name CVE-2013-2043
CVE Name CVE-2013-2044
CVE Name CVE-2013-2045
CVE Name CVE-2013-2047
CVE Name CVE-2013-2048
CVE Name CVE-2013-2085
CVE Name CVE-2013-2086
CVE Name CVE-2013-2089
CVE Name CVE-2013-2149
CVE Name CVE-2013-2150
URL http://owncloud.org/about/security/advisories/oC-SA-2013-019/
URL http://owncloud.org/about/security/advisories/oC-SA-2013-020/
URL http://owncloud.org/about/security/advisories/oC-SA-2013-021/
URL http://owncloud.org/about/security/advisories/oC-SA-2013-022/
URL http://owncloud.org/about/security/advisories/oC-SA-2013-023/
URL http://owncloud.org/about/security/advisories/oC-SA-2013-024/
URL http://owncloud.org/about/security/advisories/oC-SA-2013-025/
URL http://owncloud.org/about/security/advisories/oC-SA-2013-026/
URL http://owncloud.org/about/security/advisories/oC-SA-2013-027/
URL http://owncloud.org/about/security/advisories/oC-SA-2013-028/