ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1963)

Description

The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.

Remediation

References

CVE-2013-1963

Related Vulnerabilities

WordPress Ultimate Member Plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-3361)

WordPress Plugin WooCommerce PDF Vouchers-Ultimate Gift Cards Security Bypass (4.9.3)

WordPress Plugin Donation Forms by Charitable-Donations & Fundraising Platform for WordPress Cross-Site Scripting (1.7.0.10)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Directory Traversal (5.6.23)

WordPress Plugin KN Fix Your Title Cross-Site Scripting (1.0.1)

Severity

Medium

Classification

CVE-2013-1963 CWE-264