Description

The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors.

Remediation

References

CVE-2014-3837

Related Vulnerabilities

WordPress Plugin Booking.com Banner Creator Unspecified Vulnerability (1.4.5)

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13596)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.29)

MediaWiki Incorrect Authorization Vulnerability (CVE-2021-41801)

WordPress Plugin Advanced File Manager Directory Traversal (5.1)

Severity

Medium

Classification

CVE-2014-3837 CWE-264

Tags

Missing Update Known Vulnerabilities