CVE-2012-4391

Cross-site request forgery CSRF vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations...

CVE-2012-4390

1 apps/calendar/appinfo/remote.php and 2 apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors...

CVE-2012-4389

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file...

CVE-2012-5608

Cross-site scripting XSS vulnerability in apps/userwebdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters...

Exploit for CVE-2024-37010

CVE-2024-37010 Exploit for the CVE-2024-37010: access other u...

Malicious code in owncloud-customgroups-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6db2fb0d1c0650fa0c9e68fc32c5efc05a4c0571b13308b954b8b68a7c590fe6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12087 Malicious code in owncloud-customgroups-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6db2fb0d1c0650fa0c9e68fc32c5efc05a4c0571b13308b954b8b68a7c590fe6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-50657

An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method...

CVE-2024-50657

An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method...

CVE-2024-50657

Owncloud Android APK 4.3.1 is affected by a privilege-escalation issue in the PassCodeViewModel.checkPassCodeIsValid method. The vulnerability is triggered by a physically proximate attacker and results in elevated privileges within the app. Public details consistently reference the affected vers...

CVE-2024-50657

An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method...

PT-2024-34384 · Owncloud · Owncloud

Name of the Vulnerable Software and Affected Versions: Owncloud android apk version 4.3.1 Description: An issue in the Owncloud android application allows a physically proximate attacker to escalate privileges. This is specifically related to the PassCodeViewModel class, in the checkPassCodeIsVal...

ownCloud 安全漏洞

ownCloud is a personal cloud storage solution from the American company ownCloud. A security vulnerability exists in version v.4.3.1 of ownCloud. An attacker can elevate privileges by exploiting the vulnerability...

ownCloud < 10.13.0 CSRF Vulnerability

ownCloud is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2023-7273

Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing...

CVE-2023-7273

The CVE-2023-7273 entry concerns Kiteworks OwnCloud and is supported by multiple sources indicating a Cross-Site Request Forgery (CSRF) vulnerability. Affected component/condition: CSRF in Kiteworks OwnCloud where, if a request has no Authorization header, the rewrite rule assigns an empty string...

CVE-2023-7273 Cross Site Request Forgery in Kiteworks OwnCloud

Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing...

CVE-2023-7273 Cross Site Request Forgery in Kiteworks OwnCloud

Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing...

ownCloud 安全漏洞

ownCloud is a suite of personal cloud storage solutions from the US-based company ownCloud. A security vulnerability exists in version 10.12 and earlier versions of ownCloud that stems from the presence of cross-site request forgery, allowing an unauthenticated attacker to forge requests...

PT-2024-15265 · Kiteworks · Kiteworks Owncloud

Name of the Vulnerable Software and Affected Versions: Kiteworks OwnCloud affected versions not specified Description: Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty strin...