Description
The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Reroute Email Cross-Site Scripting (1.4.9)
WordPress Plugin oQey Gallery 'gal_id' Parameter SQL Injection (0.4.8)
WordPress Multiple Cross-Site Scripting Vulnerabilities (2.0.11 - 2.3)
WordPress Plugin Team Members Cross-Site Scripting (5.0.3)
WordPress Plugin Custom Simple Rss Cross-Site Request Forgery (2.0.6)