[ MDVSA-2015:190 ] owncloud

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:190
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : owncloud
 Date    : April 1, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in owncloud:
 
 * Login bypass when using user_ldap due to unauthenticated binds
 (oC-SA-2014-020)
 
 * Login bypass when using the external FTP user backend
 (oC-SA-2014-022)
 
 * CSRF in bookmarks application (oC-SA-2014-027)
 
 * Stored XSS in bookmarks application (oC-SA-2014-028)
 
 * Multiple stored XSS in contacts application (oC-SA-2015-001)
 
 * Multiple stored XSS in documents application (oC-SA-2015-002)
 
 * Bypass of file blacklist (oC-SA-2015-004)
 
 The upd

Leave a Reply