FreeBSD : owncloud -- Multiple security vulnerabilities (d7a43ee6-d2d5-11e2-9894-002590082ac6)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The ownCloud development team reports :

oC-SA-2013-019 / CVE-2013-2045: Multiple SQL Injections. Credit to
Mateusz Goik (

oC-SA-2013-020 / CVE-2013-[2039,2085]: Multiple directory traversals.
Credit to Mateusz Goik (

oC-SQ-2013-021 / CVE-2013-[2040-2042]: Multiple XSS vulnerabilities.
Credit to Mateusz Goik ( and Kacper R.

oC-SA-2013-022 / CVE-2013-2044: Open redirector. Credit to Mateusz
Goik (

oC-SA-2013-023 / CVE-2013-2047: Password autocompletion.

oC-SA-2013-024 / CVE-2013-2043: Privilege escalation in the calendar
application. Credit to Mateusz Goik (

oC-SA-2013-025 / CVE-2013-2048: Privilege escalation and CSRF in the

oC-SA-2013-026 / CVE-2013-2089: Incomplete blacklist vulnerability.

oC-SA-2013-027 / CVE-2013-2086: CSRF token leakage.

oC-SA-2013-028 / CVE-2013-[2149-2150]: Multiple XSS vulnerabilities.

See also :

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.5

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now