FreeBSD : owncloud -- Multiple security vulnerabilities (d7a43ee6-d2d5-11e2-9894-002590082ac6)

Medium Nessus Plugin ID 66875


The remote FreeBSD host is missing a security-related update.


The ownCloud development team reports :

oC-SA-2013-019 / CVE-2013-2045: Multiple SQL Injections. Credit to Mateusz Goik (

oC-SA-2013-020 / CVE-2013-[2039,2085]: Multiple directory traversals.
Credit to Mateusz Goik (

oC-SQ-2013-021 / CVE-2013-[2040-2042]: Multiple XSS vulnerabilities.
Credit to Mateusz Goik ( and Kacper R.

oC-SA-2013-022 / CVE-2013-2044: Open redirector. Credit to Mateusz Goik (

oC-SA-2013-023 / CVE-2013-2047: Password autocompletion.

oC-SA-2013-024 / CVE-2013-2043: Privilege escalation in the calendar application. Credit to Mateusz Goik (

oC-SA-2013-025 / CVE-2013-2048: Privilege escalation and CSRF in the API.

oC-SA-2013-026 / CVE-2013-2089: Incomplete blacklist vulnerability.

oC-SA-2013-027 / CVE-2013-2086: CSRF token leakage.

oC-SA-2013-028 / CVE-2013-[2149-2150]: Multiple XSS vulnerabilities.


Update the affected package.

See Also

Plugin Details

Severity: Medium

ID: 66875

File Name: freebsd_pkg_d7a43ee6d2d511e29894002590082ac6.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2013/06/12

Modified: 2014/03/11

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:owncloud, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2013/06/11

Vulnerability Publication Date: 2013/05/14

Reference Information

CVE: CVE-2013-2039, CVE-2013-2040, CVE-2013-2041, CVE-2013-2042, CVE-2013-2043, CVE-2013-2044, CVE-2013-2045, CVE-2013-2047, CVE-2013-2048, CVE-2013-2085, CVE-2013-2086, CVE-2013-2089, CVE-2013-2149, CVE-2013-2150