The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain passwords and cryptographic keys allowing administrative control of a vulnerable server by sending a simple Web request to a static URL, ownCloud officials warned last week. Within four days of the November 21 disclosure, researchers at security firm Greynoise said, they began observing “Mass exploitation” in their honeypot servers, which masqueraded as vulnerable ownCloud servers to track attempts to exploit the vulnerability. OwnCloud officials didn’t immediately respond to an email seeking technical details of the vulnerability and the precise conditions required for it to be exploited.

Source: ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation

I like the idea of ownCloud, but in practice, it leaves quite a bit to be desired.