CVE-2014-2044 in ownCloudinfo

Summary

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

02/19/2014

Disclosure

10/06/2014

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-94 (Confirmed)

Exploit

Download

CVSS

7.3

EPSS

0.13924

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-2044
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-2044
CVE Details	https://www.cvedetails.com/cve/CVE-2014-2044/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!