CVE 2014-3963

ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors.

See the CVE page on Mitre.org for more details.