Test ID:	1.3.6.1.4.1.25623.1.0.804658
Category:	Web application abuses
Title:	ownCloud Multiple Vulnerabilities-01 (Jul 2014)
Summary:	ownCloud is prone to multiple vulnerabilities.
Description:	Summary: ownCloud is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to an: - Input passed to 'apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf' script via 'readyCallback' parameter is not sanitized before returning it to users. - Input passed to 'lib/db.php' script via malformed query is not sanitized before returning it to users. - Input passed to 'apps/gallery/templates/index.php' script via 'root' parameter is not sanitized before returning it to users. - Application does not validate the URL path upon submission to the 'index.php' script. - Improper validation of input passed to 'lib/base.php' script via 'user_id session' variable. Vulnerability Impact: Successful exploitation will allow remote attackers to gain access to arbitrary user files, insert arbitrary HTTP headers and execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: ownCloud Server 4.0.x before 4.0.8 Solution: Update to version 4.0.8 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5056 Common Vulnerability Exposure (CVE) ID: CVE-2012-5057 Common Vulnerability Exposure (CVE) ID: CVE-2012-5336
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.