Description

The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.

Remediation

References

CVE-2014-9049

Related Vulnerabilities

Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2018-20346)

Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-20166)

PHP POST file upload buffer overflow vulnerabilities

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4921)

WordPress Plugin Product Limited Time Availability Date for woocommerce Cross-Site Scripting (1.0.1)

Severity

Medium

Classification

CVE-2014-9049 CWE-200

Tags

Missing Update Known Vulnerabilities