Skip to main content

Owncloud CVE-2015-4716

CRITICAL
Path Traversal (CWE-22)
2015-10-21 cve@mitre.org
10.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Oct 21, 2015 - 18:59 cve.org
CRITICAL 10.0

DescriptionCVE.org

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.

AnalysisAI

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.6% and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. Affected products include: Owncloud, Owncloud Owncloud Server, Microsoft Windows. Version information: before 7.0.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2014-2044 HIGH POC
7.5 Oct 06

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote aut

CVE-2012-2270 MEDIUM POC
5.8 Apr 20

Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redire

CVE-2016-9463 HIGH POC
8.1 Mar 28

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authenti

CVE-2016-1499 HIGH POC
8.5 Jan 08

ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sen

CVE-2012-4389 MEDIUM POC
6.8 Sep 05

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitr

CVE-2012-4393 MEDIUM POC
6.8 Sep 05

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the

CVE-2017-9340 MEDIUM POC
6.5 Jul 17

An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before

CVE-2016-9459 MEDIUM POC
6.1 Mar 28

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentiall

CVE-2016-9466 MEDIUM POC
6.1 Mar 28

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery applica

CVE-2013-1942 MEDIUM POC
4.3 Aug 15

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf)

CVE-2021-35946 CRITICAL
9.8 Sep 07

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissio

CVE-2016-9467 MEDIUM POC
5.3 Mar 28

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the f

Share

CVE-2015-4716 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy