This host is installed with ownCloud and is prone to multiple arbitrary code execution and local file disclosure vulnerabilities.

Successful exploitation will allow remote attackers to execute arbitrary PHP code by uploading a '.htaccess' file and gain access to arbitrary files. Impact Level: System/Application

Upgrade to ownCloud version 4.0.13 or 4.5.8 or later, For updates refer to http://owncloud.org

Multiple flaws are due to, - Improper verification of user-uploaded files by apps/contacts/import.php and apps/contacts/ajax/uploadimport.php scripts. - Insufficient sanitization of user-supplied input to lib/migrate.php script.

ownCloud Server before version 4.0.13 and 4.5.x before version 4.5.8

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

• http://owncloud.org/about/security/advisories/oC-SA-2013-009
• http://owncloud.org/about/security/advisories/oC-SA-2013-010
• http://seclists.org/oss-sec/2013/q1/652
• http://www.osvdb.com/91293
• http://www.osvdb.com/91294
• http://www.osvdb.com/91302

---

Updated on 2015-03-25