Description

The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors.

Remediation

References

CVE-2014-3837

Related Vulnerabilities

Jboss EAP Improper Input Validation Vulnerability (CVE-2016-3110)

Grafana Missing Authorization Vulnerability (CVE-2023-2183)

WordPress Plugin Forms-Form builder and Contact form Multiple Unspecified Vulnerabilities (1.4.7)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-7288)

WordPress Plugin MailPoet Newsletters (Previous) SQL Injection (2.2)

Severity

Medium

Classification

CVE-2014-3837 CWE-264

Tags

Missing Update Known Vulnerabilities