Summary
This host is installed with ownCloud and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to rename arbitrary files, gain access to arbitrary contacts of other users, perform a Cross-Site Request Forgery attack, enumerate shared files of other users and execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
Upgrade to ownCloud version 6.0.3 or later.
For updates refer to http://owncloud.org
Insight
Multiple flaws are due to:
- Input passed to the 'print_unescaped' function in the Documents component is not validated before it is returned to users.
- The server fails to verify permissions for users that attempt to rename files of other users.
- HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions.
- The program uses the auto-incrementing file_id instead of a randomly generated token.
Affected
ownCloud Server 6.0.x before 6.0.3
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
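The version check described above, as an added illustration that is not the NVT's own code: the affected range is taken from this advisory (6.0.x before 6.0.3), and the host/version pairs are constructed sample detection results, not real scan output.

```python
import re

# Affected range from the advisory: ownCloud Server 6.0.x before 6.0.3.
AFFECTED_BRANCH = (6, 0)
FIXED_VERSION = (6, 0, 3)


def parse_version(version: str) -> tuple:
    """Turn a version string such as '6.0.2' or '6.0.3a' into (major, minor, patch).

    Non-numeric suffixes are dropped so the comparison is purely numeric;
    missing components are padded with 0 ('6.0' -> (6, 0, 0))."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    nums = tuple(int(p) for p in parts[:3])
    return nums + (0,) * (3 - len(nums))


def is_vulnerable(version: str) -> bool:
    """True when the detected version lies in the affected 6.0.x range below 6.0.3."""
    major, minor, patch = parse_version(version)
    return (major, minor) == AFFECTED_BRANCH and (major, minor, patch) < FIXED_VERSION


def vulnerable_hosts(detections: dict) -> list:
    """Filter a {host: detected_version} mapping down to the hosts needing the upgrade."""
    return sorted(host for host, ver in detections.items() if is_vulnerable(ver))


if __name__ == "__main__":
    # Constructed sample output of a version-detection step (hypothetical hosts).
    sample = {
        "cloud-a.example.test": "6.0.2",
        "cloud-b.example.test": "6.0.3",
        "cloud-c.example.test": "5.0.15",
        "cloud-d.example.test": "6.0.0",
    }
    print(vulnerable_hosts(sample))  # ['cloud-a.example.test', 'cloud-d.example.test']
```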
Severity
CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Classification
CVE: CVE-2014-3832, CVE-2014-3834, CVE-2014-3836, CVE-2014-3837