Lucene search
K

1938 matches found

NVD
NVD
added 2012/12/18 1:55 a.m.23 views

CVE-2012-5608

Cross-site scripting XSS vulnerability in apps/userwebdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters...

4.3CVSS5.6AI score0.01832EPSS
Exploits0References5
NVD
NVD
added 2012/12/18 1:55 a.m.17 views

CVE-2012-5606

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the 1 file name to apps/filesversions/js/versions.js or 2 apps/files/js/filelist.js; or 3 event title to 3rdparty/fullcalendar/js/fullcalendar.js...

4.3CVSS5.8AI score0.0206EPSS
Exploits0References7
NVD
NVD
added 2012/12/18 1:55 a.m.27 views

CVE-2012-5609

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file...

6.5CVSS7.1AI score0.02074EPSS
Exploits0References6
NVD
NVD
added 2012/12/18 1:55 a.m.21 views

CVE-2012-5610

Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name...

6.5CVSS7.2AI score0.02171EPSS
Exploits0References8
NVD
NVD
added 2012/12/18 1:55 a.m.30 views

CVE-2012-5607

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."...

5CVSS6.7AI score0.02102EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2012/12/18 1:55 a.m.23 views

CVE-2012-5606

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the 1 file name to apps/filesversions/js/versions.js or 2 apps/files/js/filelist.js; or 3 event title to 3rdparty/fullcalendar/js/fullcalendar.js...

4.3CVSS5.9AI score0.0206EPSS
Exploits0References4
Prion
Prion
added 2012/12/18 1:55 a.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in apps/userwebdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters...

4.3CVSS6.1AI score0.01832EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2012/12/18 1:55 a.m.20 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the 1 file name to apps/filesversions/js/versions.js or 2 apps/files/js/filelist.js; or 3 event title to 3rdparty/fullcalendar/js/fullcalendar.js...

4.3CVSS6.1AI score0.0206EPSS
Exploits0References7Affected Software1
UbuntuCve
UbuntuCve
added 2012/12/18 1:55 a.m.38 views

CVE-2012-5608

Cross-site scripting XSS vulnerability in apps/userwebdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters...

4.3CVSS6AI score0.01832EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2012/12/18 1:55 a.m.41 views

CVE-2012-5607

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."...

5CVSS5.9AI score0.02102EPSS
Exploits0References4
Prion
Prion
added 2012/12/18 1:55 a.m.19 views

Design/Logic Flaw

Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name...

6.5CVSS7.7AI score0.02171EPSS
Exploits0References8Affected Software1
UbuntuCve
UbuntuCve
added 2012/12/18 1:55 a.m.31 views

CVE-2012-5610

Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name...

6.5CVSS6AI score0.02171EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2012/12/18 1:55 a.m.32 views

CVE-2012-5609

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file...

6.5CVSS6.2AI score0.02074EPSS
Exploits0References4
Prion
Prion
added 2012/12/18 1:55 a.m.18 views

Design/Logic Flaw

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file...

6.5CVSS7.6AI score0.02074EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2012/12/18 1:55 a.m.20 views

Default credentials

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."...

5CVSS7.4AI score0.02102EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2012/12/18 1:0 a.m.26 views

CVE-2012-5606

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the 1 file name to apps/filesversions/js/versions.js or 2 apps/files/js/filelist.js; or 3 event title to 3rdparty/fullcalendar/js/fullcalendar.js...

5.8AI score0.0206EPSS
Exploits0References7
Cvelist
Cvelist
added 2012/12/18 1:0 a.m.26 views

CVE-2012-5609

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file...

7.1AI score0.02074EPSS
Exploits0References6
Cvelist
Cvelist
added 2012/12/18 1:0 a.m.30 views

CVE-2012-5610

Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name...

7.1AI score0.02171EPSS
Exploits0References8
Cvelist
Cvelist
added 2012/12/18 1:0 a.m.30 views

CVE-2012-5607

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."...

6.7AI score0.02102EPSS
Exploits0References4
CVE
CVE
added 2012/12/18 1:0 a.m.64 views

CVE-2012-5610

The CVE-2012-5610 entry describes an Incomplete blacklist vulnerability in ownCloud’s lib/filesystem.php, exploitable by remote authenticated users via uploading a file with a specially crafted name. Affected are ownCloud core versions before 4.0.9 and 4.5.x before 4.5.2. The underlying cause is ...

6.5CVSS7.4AI score0.02171EPSS
Exploits0References8Affected Software2
Rows per page
Query Builder