Vulnerabilities > Owncloud > Owncloud > 4.0.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-05 | CVE-2012-4391 | Cross-Site Request Forgery (CSRF) vulnerability in Owncloud Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. | 6.8 |
| 2012-09-05 | CVE-2012-4390 | Information Exposure vulnerability in Owncloud (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. | 4.0 |
| 2012-09-05 | CVE-2012-4389 | Unspecified vulnerability in Owncloud Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. network owncloud | 6.8 |