Computer Security
[EN] securityvulns.ru no-pyccku


owncloud security vulnerabilities
Published:05.05.2014
Source:
SecurityVulns ID:13741
Type:remote
Threat Level:
5/10
Description:Owncloud versions 5.0.15 and 6.0.2 fix several unspecified security vulnerabilities, as well as many other bugs.
Affected:OWNCLOUD : owncloud 5.0
 OWNCLOUD : owncloud 6.0
CVE:CVE-2014-2044 (Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.)
Original documentdocumentadvisories_(at)_portcullis-security.com, CVE-2014-2044 - Remote Code Execution in ownCloud (05.05.2014)
 documentMANDRIVA, [ MDVSA-2014:055 ] owncloud (05.05.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod