MDVSA-2015:190: owncloud

Multiple vulnerabilities have been discovered and corrected in owncloud:

* Login bypass when using user_ldap due to unauthenticated binds
(oC-SA-2014-020)

* Login bypass when using the external FTP user backend
(oC-SA-2014-022)

* CSRF in bookmarks application (oC-SA-2014-027)

* Stored XSS in bookmarks application (oC-SA-2014-028)

* Multiple stored XSS in contacts application (oC-SA-2015-001)

* Multiple stored XSS in documents application (oC-SA-2015-002)

* Bypass of file blacklist (oC-SA-2015-004)

The updated packages have been upgraded to version 5.0.19, where
these security flaws have been fixed.
