* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Saturday, August 2, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Chicago Youth Symphony Orchestra takes the Lollapalooza stage – Yahoo Home

    Chicago Youth Symphony Orchestra takes the Lollapalooza stage – Yahoo Home

    Sens. Blackburn, Warnock introduce CREATE Act to provide tax relief to music creators – Yahoo Home

    Sens. Blackburn and Warnock Launch CREATE Act to Deliver Tax Relief for Music Creators

    That’s (Political) Entertainment: When Theatre Meets Politics

    Future Script: How Generative AI Is Changing Collective Bargaining in the Entertainment Industry – Jackson Lewis

    Future Script: How Generative AI Is Transforming Collective Bargaining in Entertainment

    The SBA’s live-entertainment bailout was supposed to end two years ago. We still don’t know how $1.5 billion was spent. – Yahoo Home

    $1.5 Billion Live-Entertainment Bailout: Two Years Later, Where Did the Money Go?

    Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, Boyd – CDC Gaming

    Top Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, and Boyd Take Center Stage

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Emory orthopaedic surgeons use robotic technology to transform knee replacement surgery – Emory News Center

    How Robotic Technology is Revolutionizing Knee Replacement Surgery

    Cognizant Technology Solutions Corp (CTSH) Q2 2025 Earnings Call Highlights: Strong Revenue … – Yahoo.co

    Cognizant Q2 2025 Earnings: Impressive Revenue Growth and Key Takeaways

    Revving Up The U.S. Technology Engine – Forbes

    Revving Up The U.S. Technology Engine – Forbes

    More than just a hockey player – Rochester Institute of Technology Athletics

    Beyond the Ice: The Inspiring Journey of a Remarkable Athlete from Rochester Institute of Technology

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    AI’s race in the dark with China – Axios

    The High-Stakes AI Race: Innovation and Competition in the Shadows

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Chicago Youth Symphony Orchestra takes the Lollapalooza stage – Yahoo Home

    Chicago Youth Symphony Orchestra takes the Lollapalooza stage – Yahoo Home

    Sens. Blackburn, Warnock introduce CREATE Act to provide tax relief to music creators – Yahoo Home

    Sens. Blackburn and Warnock Launch CREATE Act to Deliver Tax Relief for Music Creators

    That’s (Political) Entertainment: When Theatre Meets Politics

    Future Script: How Generative AI Is Changing Collective Bargaining in the Entertainment Industry – Jackson Lewis

    Future Script: How Generative AI Is Transforming Collective Bargaining in Entertainment

    The SBA’s live-entertainment bailout was supposed to end two years ago. We still don’t know how $1.5 billion was spent. – Yahoo Home

    $1.5 Billion Live-Entertainment Bailout: Two Years Later, Where Did the Money Go?

    Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, Boyd – CDC Gaming

    Top Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, and Boyd Take Center Stage

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Emory orthopaedic surgeons use robotic technology to transform knee replacement surgery – Emory News Center

    How Robotic Technology is Revolutionizing Knee Replacement Surgery

    Cognizant Technology Solutions Corp (CTSH) Q2 2025 Earnings Call Highlights: Strong Revenue … – Yahoo.co

    Cognizant Q2 2025 Earnings: Impressive Revenue Growth and Key Takeaways

    Revving Up The U.S. Technology Engine – Forbes

    Revving Up The U.S. Technology Engine – Forbes

    More than just a hockey player – Rochester Institute of Technology Athletics

    Beyond the Ice: The Inspiring Journey of a Remarkable Athlete from Rochester Institute of Technology

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    AI’s race in the dark with China – Axios

    The High-Stakes AI Race: Innovation and Competition in the Shadows

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

A critical vulnerability in ownCloud servers is being exploited en masse

November 30, 2023
in Technology
A critical vulnerability in ownCloud servers is being exploited en masse
Share on FacebookShare on Twitter

TechSpot is celebrating its 25th anniversary. TechSpot means tech analysis and advice you can trust.

Facepalm: OwnCloud is an open-source software designed for sharing and syncing files in distributed and federated enterprise environments. The tool provides collaboration and document-sharing services, but a recently disclosed vulnerability has extended its “sharing” capabilities in an unintended way, compromising sensitive data.

This past week, ownCloud publicly disclosed a critical vulnerability in the “graphapi” app. The security flaw is being tracked with the highest level of risk on the CVE scale (10) as CVE-2023-49103. A week later, security researchers have now started to witness what could amount to “mass” exploitation of this extremely dangerous flaw.

According to ownCloud’s official advisory, the CVE-2023-49103 issue stems from a third-party library used by the graphapi app (GetPhpInfo.php). The library provides a URL that, when accessed, reveals the configuration details of the PHP environment. The provided information also includes all the environment variables of the webserver, ownCloud said.

The issue mostly arises in containerized deployments of ownCloud, where the environment variables disclosed by getphpinfo.php “may include” sensitive data such as admin passwords, server credentials, and license keys. Simply disabling the graphapi app doesn’t eliminate the vulnerability, as the flawed library still provides the secret-disclosing URL, according to ownCloud.

Aside from disclosing server secrets, the vulnerable phpinfo library can expose other potentially sensitive configuration details that an attacker could exploit to gather further information about the system. Even if ownCloud is not running in a containerized environment, the advisory warns, server admins should still be concerned about the vulnerability’s potential outcomes.

According to security company GreyNoise, the CVE-2023-49103 flaw is now actively being exploited by cyber-criminals. Researchers describe a “mass exploitation” of the flaw in the wild, which they detected as early as November 25, 2023. Black hat hackers are seeking passwords, mail server credentials, and license keys, which the detailed vulnerability would gladly reveal to anyone.

While the company is working on “various hardenings” in future core releases to avoid similar vulnerabilities, ownCloud advised users to delete the flawed GetPhpInfo.php library from their servers. Furthermore, the phpinfo function was disabled in the containers the German company directly provides to its enterprise customers.

Further advice provided by ownCloud includes a global reset of server “secrets,” including passwords, credentials, and access keys. In addition to CVE-2023-49103, GreyNoise remarks that ownCloud recently disclosed additional critical vulnerabilities. The flaws include an authentication bypass issue with a 9.8 CVE score (CVE-2023-49105) and a highly dangerous flaw related to the oauth2 app (CVE-2023-49104).

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : TechSpot – https://www.techspot.com/news/100994-critical-vulnerability-owncloud-servers-exploited-en-masse.html

Tags: criticaltechnologyvulnerability
Previous Post

Where to watch Christmas at Graceland holiday special

Next Post

Court mandates Epic and Google to settlement talks before concluding antitrust lawsuit

Foraging strategy and tree structure as drivers of arboreality and suspensory behaviour in savannah-dwelling chimpanzees – Frontiers

Foraging strategy and tree structure as drivers of arboreality and suspensory behaviour in savannah-dwelling chimpanzees – Frontiers

August 2, 2025
EPA attacks climate science. Here are the facts. – E&E News by POLITICO

EPA Questions Climate Science: Key Insights You Shouldn’t Miss

August 2, 2025
6 science-backed strategies to improve your memory – National Geographic

6 Proven Science-Backed Strategies to Boost Your Memory

August 2, 2025
Trying to keep your brain young? A big new study finds these lifestyle changes help – NPR

Trying to keep your brain young? A big new study finds these lifestyle changes help – NPR

August 2, 2025
2025 World Junior Summer Showcase: 3 things learned on Day 5 – NHL.com

3 Must-Know Highlights from Day 5 of the 2025 World Junior Summer Showcase

August 2, 2025
Economic Reality Bites Trump and His Protectionist Trade Policies – The New Yorker

How Trump’s Protectionist Trade Policies Ended Up Hurting the Global Economy

August 2, 2025
Chicago Youth Symphony Orchestra takes the Lollapalooza stage – Yahoo Home

Chicago Youth Symphony Orchestra takes the Lollapalooza stage – Yahoo Home

August 2, 2025
President Trump Delivers Remarks on Making Health Technology Great Again – The White House (.gov)

President Trump Delivers Remarks on Making Health Technology Great Again – The White House (.gov)

August 2, 2025
Trump’s super PAC in powerful financial position with nearly $200 million on hand – CNN

Trump’s super PAC in powerful financial position with nearly $200 million on hand – CNN

August 2, 2025
It’s time to retire the word ‘technology’ – Financial Times

Why It’s Time to Retire the Word ‘Technology’ for Good

August 2, 2025

Categories

Archives

August 2025
MTWTFSS
 123
45678910
11121314151617
18192021222324
25262728293031
« Jul    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (750)
  • Economy (775)
  • Entertainment (21,653)
  • General (16,241)
  • Health (9,812)
  • Lifestyle (783)
  • News (22,149)
  • People (776)
  • Politics (784)
  • Science (15,988)
  • Sports (21,270)
  • Technology (15,752)
  • World (758)

Recent News

Foraging strategy and tree structure as drivers of arboreality and suspensory behaviour in savannah-dwelling chimpanzees – Frontiers

Foraging strategy and tree structure as drivers of arboreality and suspensory behaviour in savannah-dwelling chimpanzees – Frontiers

August 2, 2025
EPA attacks climate science. Here are the facts. – E&E News by POLITICO

EPA Questions Climate Science: Key Insights You Shouldn’t Miss

August 2, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version