The host is installed with ownCloud and is prone to multiple vulnerabilities.

Successful exploitation will allow remote attackers to perform a cross-site request forgery attack, execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server, bypass authentication mechanisms and gain access to arbitrary local files. Impact Level: Application

Upgrade to ownCloud Server 5.0.18 or 6.0.6 or 7.0.3 or later. For updates refer to http://owncloud.org

Multiple flaws exists due to, - An error in the 'OC_Util::getUrlContent' function that is due to it allows redirects from other protocols (such as file://) - An error in the 'ldap_bind' function in libldap that is triggered when handling a password that contains NULL bytes. - The bookmark application does not validate input to bookmarks before returning it to users. - An error in the bookmarks application as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions.

ownCloud Server 5.x before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

• http://osvdb.org/115165
• http://osvdb.org/115166
• http://osvdb.org/115171
• http://osvdb.org/115172
• https://owncloud.org/security/advisory/?id=oc-sa-2014-020
• https://owncloud.org/security/advisory/?id=oc-sa-2014-023
• https://owncloud.org/security/advisory/?id=oc-sa-2014-027
• https://owncloud.org/security/advisory/?id=oc-sa-2014-028

---

Updated on 2015-03-25