CVE-2012-2398

Cross-site scripting XSS vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via 1 an arbitrary field to apps/contacts/ajax/addcard.php, 2 the parameter parameter to apps/contacts/ajax/addproperty.php, 3 the name parameter to...

CVE-2012-2269

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via 1 an arbitrary field to apps/contacts/ajax/addcard.php, 2 the parameter parameter to apps/contacts/ajax/addproperty.php, 3 the name parameter to...

CVE-2012-2270

Open redirect vulnerability in index.php aka the Login Page in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirecturl parameter...

CVE-2012-2397

Cross-site request forgery CSRF vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting XSS sequences via vectors involving contacts...

CVE-2012-2270

CVE-2012-2270 is an open redirect vulnerability in the ownCloud login page (index.php) affecting version 3.0.0 (and related 3.0.x). The issue arises from unsafely handling the redirect_url parameter, enabling attackers to redirect users to arbitrary sites and facilitate phishing. According to the...

CVE-2012-2398

CVE-2012-2398 describes a cross-site scripting (XSS) vulnerability in the ownCloud project. The flaw resides in the files/ajax/download.php endpoint and allows remote attackers to inject arbitrary web script or HTML via the files parameter, affecting versions prior to 3.0.3. The underlying issue ...

CVE-2012-2398

Cross-site scripting XSS vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4...

CVE-2012-2269

CVE-2012-2269 (ownCloud) : Multiple XSS vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary scripts via various inputs across endpoints (stored XSS in apps/contacts/ajax/addcard.php, addproperty.php, createaddressbook; reflected XSS in files/download.php and files/...

CVE-2012-2397

CVE-2012-2397 affects ownCloud prior to version 3.0.3. The vulnerability is a Cross-site request forgery (CSRF) that enables remote attackers to hijack the authentication of arbitrary users by crafting requests that insert cross-site scripting (XSS) sequences via vectors involving the contacts fe...

Owncloud Account Overtake / File Upload Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Owncloud Account Overtake, File Uploa...

ownCloud <= 3.0.0 Multiple Input Validation Vulnerabilities - Active Check

ownCloud is prone to a URI open-redirection vulnerability, multiple cross-site scripting XSS vulnerabilities and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted...

ownCloud 3.0.0 - index.php?redirect_url Arbitrary Site Redirect

ownCloud 3.0.0 - index.php?redirecturl Arbitrary Site Redirect source: https://www.securityfocus.com/bid/53145/info ownCloud is prone to a URI open-redirection vulnerability, multiple cross-site scripting vulnerabilities and multiple HTML-injection vulnerabilities because it fails to properly...

ownCloud 3.0.0 Cross Site Scripting

Exploit for php platform in category web applications TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0 Published: 2012/04/18 Version 1.0 Affected products: ownCloud version 3.0.0 others not tested http://owncloud.org References: TC-SA-2012-01...

ownCloud 3.0.0 - &#039;index.php?redirect_url&#039; Arbitrary Site Redirect

source: https://www.securityfocus.com/bid/53145/info ownCloud is prone to a URI open-redirection vulnerability, multiple cross-site scripting vulnerabilities and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker could leverage the...

ownCloud 3.0.0 Cross Site Scripting

TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0 Published: 2012/04/18 Version 1.0 Affected products: ownCloud version 3.0.0 others not tested http://owncloud.org References: TC-SA-2012-01 www.tele-consulting.com/advisories/TC-SA-2012-01.txt used for updates CVE-2012-2269 - XSS in...