MidnightBSD

Advisories for fruux

CVE-2013-1939 MEDIUM

The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
owncloud owncloud *
fruux sabredav *
CVE-2014-2055 HIGH

SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fruux sabredav 1.6.6
fruux sabredav 1.6.0
owncloud owncloud 5.0.11
fruux sabredav 1.8.6
fruux sabredav 1.6.2
fruux sabredav 1.8.4
owncloud owncloud *
fruux sabredav 1.6.5
owncloud owncloud 5.0.9
fruux sabredav 1.7.8
fruux sabredav 1.8.9
fruux sabredav 1.6.9
owncloud owncloud 5.0.13
fruux sabredav 1.6.4
owncloud owncloud 5.0.12
fruux sabredav 1.6.3
owncloud owncloud 5.0.14
fruux sabredav 1.8.0
owncloud owncloud 5.0.2
fruux sabredav 1.8.3
fruux sabredav 1.8.1
owncloud owncloud 6.0.1
fruux sabredav 1.7.3
fruux sabredav 1.7.0
owncloud owncloud 5.0.4
fruux sabredav 1.7.2
owncloud owncloud 5.0.8
fruux sabredav 1.8.2
owncloud owncloud 5.0.7
fruux sabredav 1.7.5
owncloud owncloud 5.0.0
fruux sabredav 1.7.4
fruux sabredav 1.7.9
fruux sabredav 1.6.8
owncloud owncloud 5.0.1
fruux sabredav *
owncloud owncloud 5.0.5
fruux sabredav 1.6.7
fruux sabredav 1.8.5
owncloud owncloud 5.0.3
fruux sabredav 1.8.7
fruux sabredav 1.6.10
owncloud owncloud 5.0.6
owncloud owncloud 6.0.0
owncloud owncloud 5.0.10
fruux sabredav 1.7.7
fruux sabredav 1.6.1
fruux sabredav 1.7.1
fruux sabredav 1.7.6