8 matches found
CVE-2025-53828
CVE-2025-53828 describes a SSRF vulnerability in SharePoint for ownCloud prior to 0.4.1 (affecting ownCloud 10 prior to 10.15.3). An attacker with administrative privileges can trigger SSRF to execute arbitrary code on the system. The fixed version is SharePoint for ownCloud 0.4.1, delivered with...
CVE-2019-25337
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user...
CVE-2025-59716
ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...
EUVD-2020-8110
Malware in sbrugna...
EUVD-2015-4732
Malware in sbrugna...
CVE-2012-5606
Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the 1 file name to apps/filesversions/js/versions.js or 2 apps/files/js/filelist.js; or 3 event title to 3rdparty/fullcalendar/js/fullcalendar.js...
Design/Logic Flaw
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions...
MGASA-2015-0125 Updated owncloud packages fix security vulnerabilities
Updated owncloud package fixes security vulnerabilities: Owncloud version 6.0.7 fixes several unspecified security vulnerabilities, as well as many other bugs. See the upstream Changelog for more information...