{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-06T00:00:00", "descriptions": [{"lang": "en", "value": "Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "57267", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57267"}, {"name": "104082", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/104082"}, {"name": "66000", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/66000"}, {"name": "20140306 CVE-2014-2044 - Remote Code Execution in ownCloud", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Mar/45"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html"}, {"name": "32162", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/32162"}, {"tags": ["x_refsource_MISC"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/"}, {"name": "owncloud-upload-file-upload(91757)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91757"}, {"name": "20140306 CVE-2014-2044 - Remote Code Execution in ownCloud", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/531365/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2044", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "57267", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57267"}, {"name": "104082", "refsource": "OSVDB", "url": "http://www.osvdb.org/104082"}, {"name": "66000", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66000"}, {"name": "20140306 CVE-2014-2044 - Remote Code Execution in ownCloud", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Mar/45"}, {"name": "http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html"}, {"name": "32162", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/32162"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/", "refsource": "MISC", "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/"}, {"name": "owncloud-upload-file-upload(91757)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91757"}, {"name": "20140306 CVE-2014-2044 - Remote Code Execution in ownCloud", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/531365/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:58:16.206Z"}, "title": "CVE Program Container", "references": [{"name": "57267", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/57267"}, {"name": "104082", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/104082"}, {"name": "66000", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/66000"}, {"name": "20140306 CVE-2014-2044 - Remote Code Execution in ownCloud", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Mar/45"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html"}, {"name": "32162", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/32162"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/"}, {"name": "owncloud-upload-file-upload(91757)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91757"}, {"name": "20140306 CVE-2014-2044 - Remote Code Execution in ownCloud", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/531365/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2044", "datePublished": "2014-10-06T23:00:00", "dateReserved": "2014-02-19T00:00:00", "dateUpdated": "2024-08-06T09:58:16.206Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E00A66E-D01C-4452-9191-CC9E2FC4FDB9", "versionEndIncluding": "4.5.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D4011972-8C9A-47DA-B7E1-BC1951AEC51A", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "59C62AA4-A398-4D20-B0D4-18437027AE1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "74FD954F-460F-42F0-A8B2-EC46710E3C53", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "EA0C079E-48B7-4266-A343-D555C0ECD611", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "7B48E86B-7685-4EB0-9172-492842DEEE9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "A670DD33-A604-4BD4-8235-4500B05F518E", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "E1583C4C-6501-48ED-BF31-AFCF38C5D59F", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "0C04C004-0238-424A-8364-9ED780850DC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "79736879-F5A3-4769-862F-531BDDC946B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "0E1754FC-6F84-43F0-89E0-596A05B6E42D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program."}, {"lang": "es", "value": "Vulnerabilidad de lista negra incompleta en ajax/upload.php en ownCloud anterior a 5.0, cuando funciona en Windows, permite a usuarios remotos autenticados evadir las restricciones de acceso, subir ficheros con nombres arbitrarios y ejecutar c\u00f3digo arbitrario a trav\u00e9s de una sintaxis Alternate Data Stream (ADS) en el par\u00e1metro filename, tal y como fue demostrado al utilizar .htaccess::$DATA para subir un programa PHP."}], "id": "CVE-2014-2044", "lastModified": "2018-10-09T19:43:07.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-06T23:55:08.327", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2014/Mar/45"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/57267"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/32162"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/104082"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/531365/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/66000"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91757"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}