Description
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Airbnb Review Slider SQL Injection (3.2)
WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4338)
WordPress Plugin Feature Slideshow 'src' Parameter Cross-Site Scripting (1.0.6beta)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2006-4343)