Description
ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin GS Insever Portfolio Cross-Site Scripting (1.4.4)
phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-4558)
WordPress Plugin BuddyPress 'page' Parameter SQL Injection (1.5.4)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.10)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9033)