Vulnerabilities > CVE-2013-2089 - Unspecified vulnerability in Owncloud

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

owncloud

nessus

NVD

Published: 2014-03-14

Updated: 2024-11-21

Summary

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data.

Vulnerable Configurations

Part	Description	Count
Application	Owncloud Owncloud Owncloud 5.0.2 Owncloud Owncloud 5.0.3 Owncloud Owncloud 5.0.0 Owncloud Owncloud 5.0.1 Owncloud Owncloud 5.0.4 Owncloud Owncloud - Owncloud Owncloud 0.0.2 Owncloud Owncloud 1.0.1 Owncloud Owncloud 1.0.2 Owncloud Owncloud 1.0.3 Owncloud Owncloud 1.0.4 Owncloud Owncloud 1.1.0 Owncloud Owncloud 1.1.1 Owncloud Owncloud 1.1.2 Owncloud Owncloud 1.1.3 Owncloud Owncloud 1.1.4 Owncloud Owncloud 1.2.0 Owncloud Owncloud 1.2.1 Owncloud Owncloud 1.2.2 Owncloud Owncloud 1.2.3 Owncloud Owncloud 1.2.4 Owncloud Owncloud 1.2.5 Owncloud Owncloud 1.3.0 Owncloud Owncloud 1.3.1 Owncloud Owncloud 1.3.2 Owncloud Owncloud 1.3.12 Owncloud Owncloud 1.3.13 Owncloud Owncloud 1.3.14 Owncloud Owncloud 1.3.17 Owncloud Owncloud 1.3.18 Owncloud Owncloud 1.3.19 Owncloud Owncloud 1.3.20 Owncloud Owncloud 1.3.21 Owncloud Owncloud 1.3.22 Owncloud Owncloud 1.4.0 Owncloud Owncloud 1.4.1 Owncloud Owncloud 1.4.2 Owncloud Owncloud 1.4.3 Owncloud Owncloud 1.4.4 Owncloud Owncloud 1.4.5 Owncloud Owncloud 1.4.6 Owncloud Owncloud 1.5.0 Owncloud Owncloud 1.5.1 Owncloud Owncloud 1.5.2 Owncloud Owncloud 1.5.3 Owncloud Owncloud 1.5.4 Owncloud Owncloud 1.5.5 Owncloud Owncloud 1.5.6 Owncloud Owncloud 1.5.7 Owncloud Owncloud 1.5.8 Owncloud Owncloud 1.6.0 Owncloud Owncloud 1.6.1 Owncloud Owncloud 1.6.2 Owncloud Owncloud 1.6.3 Owncloud Owncloud 1.6.4 Owncloud Owncloud 1.7.0 Owncloud Owncloud 1.7.1 Owncloud Owncloud 1.7.2 Owncloud Owncloud 1.8 Owncloud Owncloud 1.8.0 Owncloud Owncloud 1.8.1 Owncloud Owncloud 1.8.2 Owncloud Owncloud 1.8.3 Owncloud Owncloud 1.8.4 Owncloud Owncloud 1.9 Owncloud Owncloud 1.9.1 Owncloud Owncloud 2.0.0 Owncloud Owncloud 2.0.1 Owncloud Owncloud 2.0.1.1 Owncloud Owncloud 2.0.2 Owncloud Owncloud 2.1.0 Owncloud Owncloud 2.1.1 Owncloud Owncloud 2.1.2 Owncloud Owncloud 2.2.0 Owncloud Owncloud 2.2.1 Owncloud Owncloud 2.2.2 Owncloud Owncloud 2.2.3 Owncloud Owncloud 2.2.4 Owncloud Owncloud 2.3.0 Owncloud Owncloud 2.3.1 Owncloud Owncloud 2.3.2 Owncloud Owncloud 2.3.3 Owncloud Owncloud 2.3.4 Owncloud Owncloud 2.4.0 Owncloud Owncloud 2.4.1 Owncloud Owncloud 2.4.2 Owncloud Owncloud 2.4.3 Owncloud Owncloud 2.5.0 Owncloud Owncloud 2.5.1 Owncloud Owncloud 2.5.2 Owncloud Owncloud 2.5.3 Owncloud Owncloud 2.5.4 Owncloud Owncloud 2.6.0 Owncloud Owncloud 2.6.1 Owncloud Owncloud 2.6.2 Owncloud Owncloud 2.6.3 Owncloud Owncloud 2.7.0 Owncloud Owncloud 2.7.1 Owncloud Owncloud 2.7.2 Owncloud Owncloud 2.7.3 Owncloud Owncloud 2.7.4 Owncloud Owncloud 2.7.5 Owncloud Owncloud 2.7.6 Owncloud Owncloud 2.7.7 Owncloud Owncloud 2.8.0 Owncloud Owncloud 2.8.1 Owncloud Owncloud 2.8.2 Owncloud Owncloud 2.9.0 Owncloud Owncloud 2.9.1 Owncloud Owncloud 2.9.2 Owncloud Owncloud 2.9.3 Owncloud Owncloud 2.10.0 Owncloud Owncloud 2.10.1 Owncloud Owncloud 2.11.0 Owncloud Owncloud 2.11.1 Owncloud Owncloud 2.12 Owncloud Owncloud 2.13 Owncloud Owncloud 2.13.1 Owncloud Owncloud 2.14 Owncloud Owncloud 2.14.1 Owncloud Owncloud 2.14.2 Owncloud Owncloud 2.15 Owncloud Owncloud 2.15.1 Owncloud Owncloud 2.15.2 Owncloud Owncloud 2.15.3 Owncloud Owncloud 2.16 Owncloud Owncloud 2.17 Owncloud Owncloud 2.18 Owncloud Owncloud 2.18.1 Owncloud Owncloud 3.0.0 Owncloud Owncloud 3.0.1 Owncloud Owncloud 3.0.2 Owncloud Owncloud 3.0.3 Owncloud Owncloud 3.4.3 Owncloud Owncloud 3.4.4 Owncloud Owncloud 4.0.0 Owncloud Owncloud 4.0.1 Owncloud Owncloud 4.0.2 Owncloud Owncloud 4.0.3 Owncloud Owncloud 4.0.4 Owncloud Owncloud 4.0.5 Owncloud Owncloud 4.0.6 Owncloud Owncloud 4.0.7 Owncloud Owncloud 4.0.8 Owncloud Owncloud 4.0.9 Owncloud Owncloud 4.0.10 Owncloud Owncloud 4.0.11 Owncloud Owncloud 4.0.12 Owncloud Owncloud 4.0.13 Owncloud Owncloud 4.0.14 Owncloud Owncloud 4.0.15 Owncloud Owncloud 4.0.16 Owncloud Owncloud 4.5.0 Owncloud Owncloud 4.5.1 Owncloud Owncloud 4.5.2 Owncloud Owncloud 4.5.3 Owncloud Owncloud 4.5.4 Owncloud Owncloud 4.5.5 Owncloud Owncloud 4.5.6 Owncloud Owncloud 4.5.7 Owncloud Owncloud 4.5.8 Owncloud Owncloud 4.5.9 Owncloud Owncloud 4.5.10 Owncloud Owncloud 4.5.11 Owncloud Owncloud 4.5.12 Owncloud Owncloud 4.5.13 Owncloud Owncloud 5.0.5	322

Nessus

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_D7A43EE6D2D511E29894002590082AC6.NASL
description	The ownCloud development team reports : oC-SA-2013-019 / CVE-2013-2045: Multiple SQL Injections. Credit to Mateusz Goik (aliantsoft.pl). oC-SA-2013-020 / CVE-2013-[2039,2085]: Multiple directory traversals. Credit to Mateusz Goik (aliantsoft.pl). oC-SQ-2013-021 / CVE-2013-[2040-2042]: Multiple XSS vulnerabilities. Credit to Mateusz Goik (aliantsoft.pl) and Kacper R. (http://devilteam.pl). oC-SA-2013-022 / CVE-2013-2044: Open redirector. Credit to Mateusz Goik (aliantsoft.pl). oC-SA-2013-023 / CVE-2013-2047: Password autocompletion. oC-SA-2013-024 / CVE-2013-2043: Privilege escalation in the calendar application. Credit to Mateusz Goik (aliantsoft.pl). oC-SA-2013-025 / CVE-2013-2048: Privilege escalation and CSRF in the API. oC-SA-2013-026 / CVE-2013-2089: Incomplete blacklist vulnerability. oC-SA-2013-027 / CVE-2013-2086: CSRF token leakage. oC-SA-2013-028 / CVE-2013-[2149-2150]: Multiple XSS vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	66875
published	2013-06-12
reporter	This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/66875
title	FreeBSD : owncloud -- Multiple security vulnerabilities (d7a43ee6-d2d5-11e2-9894-002590082ac6)

Summary

Vulnerable Configurations

Nessus

References