admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2014/CVE-2014-20xx/CVE-2014-2044.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

283 lines
10 KiB
JSON
Raw Blame History

{
"id": "CVE-2014-2044",
"sourceIdentifier": "cve@mitre.org",
"published": "2014-10-06T23:55:08.327",
"lastModified": "2018-10-09T19:43:07.360",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en ajax/upload.php en ownCloud anterior a 5.0, cuando funciona en Windows, permite a usuarios remotos autenticados evadir las restricciones de acceso, subir ficheros con nombres arbitrarios y ejecutar c\u00f3digo arbitrario a trav\u00e9s de una sintaxis Alternate Data Stream (ADS) en el par\u00e1metro filename, tal y como fue demostrado al utilizar .htaccess::$DATA para subir un programa PHP."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.5.13",
"matchCriteriaId": "5E00A66E-D01C-4452-9191-CC9E2FC4FDB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D4011972-8C9A-47DA-B7E1-BC1951AEC51A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "59C62AA4-A398-4D20-B0D4-18437027AE1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "74FD954F-460F-42F0-A8B2-EC46710E3C53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0C079E-48B7-4266-A343-D555C0ECD611"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7B48E86B-7685-4EB0-9172-492842DEEE9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A670DD33-A604-4BD4-8235-4500B05F518E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E1583C4C-6501-48ED-BF31-AFCF38C5D59F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04C004-0238-424A-8364-9ED780850DC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "79736879-F5A3-4769-862F-531BDDC946B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1754FC-6F84-43F0-89E0-596A05B6E42D"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "http://seclists.org/fulldisclosure/2014/Mar/45",
"source": "cve@mitre.org"
},
{
"url": "http://www.exploit-db.com/exploits/32162",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "http://www.securityfocus.com/archive/1/531365/100/0/threaded",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/66000",
"source": "cve@mitre.org"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91757",
"source": "cve@mitre.org"
},
{
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink