VDB
GCVE-110-MAGEIA-2015-314
GCVE-110-MAGEIA-2015-314
Advisory Published
In ownCloud before 6.0.8 and 8.0.4, a bug in the SDK used to connect
ownCloud against the Dropbox server might allow the owner of "Dropbox.com"
to gain access to any files on the ownCloud server if an external Dropbox
storage was mounted (CVE-2015-4715).
In ownCloud before 6.0.8 and 8.0.4, the sanitization component for
filenames was vulnerable to DoS when parsing specially crafted file names
passed via specific endpoints. Effectively this lead to a endless loop
filling the log file until the system is not anymore responsive
(CVE-2015-4717).
In ownCloud before 6.0.8 and 8.0.4, the external SMB storage of ownCloud
was not properly neutralizing all special elements which allows an
adversary to execute arbitrary SMB commands. This was caused by improperly
sanitizing the ";" character which is interpreted as command separator by
smbclient (the used software to connect to SMB shared by ownCloud).
Effectively this allows an attacker to gain access to any file on the
system or overwrite it, finally leading to a PHP code execution in the
case of ownCloud's config file (CVE-2015-4718).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | owncloud | 0 (affected), 8.0.5-1.2.mga5 (unaffected) | — |
| Mageia | owncloud | 0 (affected), 6.0.9-1.mga4 (unaffected) | — |
References
Browse GCVE Records
73,118 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.