Lucene search
K

28 matches found

Hacker One
Hacker One
added 2017/04/21 6:6 p.m.44 views

Nextcloud: Stored XSS in Gallery application (NC-SA-2017-010)

Stored XSS in Gallery application NC-SA-2017-010 Risk level: Low CVSS v3 Base Score: 3 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N CWE: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CWE-79 Description A JavaScript library used by Nextcloud for sanitizing untrusted...

3.5CVSS1.2AI score0.00643EPSS
Exploits0
OSV
OSV
added 2016/09/27 12:0 a.m.10 views

DSA-3679-1 jackrabbit - security update

Bulletin has no description...

8.8CVSS8.7AI score0.02293EPSS
Exploits0
OwnCloud
OwnCloud
added 2016/01/06 6:57 p.m.49 views

Disclosure of files that begin with ".v" due to unchecked return value - ownCloud

Due to a incorrect usage of the getOwner function of the ownCloud virtual filesystem,done authenticated users with incoming shares of other users are able to access files beginning with ".v" of the sharing user. This can only be exploited if the "filesversions" application is enabled on the serve...

3.5CVSS6.2AI score0.0085EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2015/09/30 6:53 p.m.49 views

Command injection when using external SMB storage - ownCloud

The external legacy SMB storage not using php-libsmbclient of ownCloud was not properly neutralizing all special elements which allows an adversary to execute arbitrary SMB commands. Effectively this allows an attacker to gain access to any file on the system or overwrite it, potentially leading ...

9CVSS7.3AI score0.02482EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2015/03/25 6:44 p.m.58 views

Bypass of file blacklist - ownCloud

A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud versions, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could leverage this bypass by uploading a .htaccess and execute...

6CVSS6.9AI score0.01339EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/11/25 6:41 p.m.31 views

Stored XSS in "bookmarks" application - ownCloud

Due to not sanitising all user provided input, the "bookmarks" application shipped with the below mentioned ownCloud versions is vulnerable to a stored Cross-site scripting attack. The "bookmarks" application is disabled by default. Abusing this vulnerability requires the user to import a malicio...

3.5CVSS5.5AI score0.0108EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/11/25 6:39 p.m.47 views

Bypass of shared files password protection in "documents" application - ownCloud

The "documents" application is a collaborative web-based online editor for ODT files. Using this application you can easily share and collaborate on office documents. Due to missing access control within the API of this application, the password-protection of shared files can be bypassed. Affecte...

5CVSS6.3AI score0.01223EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/11/25 6:36 p.m.26 views

Local Path Disclosure when using Asset Pipeline - ownCloud

ownCloud 7 introduced the so-called "Asset Pipeline". It is disabled by default, but can be enabled by setting asset-pipeline.enabled to true in config.php When the setting is enabled ownCloud concatenates all CSS and JS files into a single large blob file. Thus the amount of initial required...

5CVSS5.9AI score0.01186EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/07/03 6:22 p.m.82 views

XXE in multiple third party components - ownCloud

Multiple third party components of ownCloud are vulnerable to XXE attacks, which may lead to: Local File Disclosure Server Side Request Forgery DoS Code Execution depending on the PHP wrappers … The following libraries are affected: ZendFramework: CVE-2014-2052 GetID3: CVE-2014-2053 PHPExcel:...

7.5CVSS9.3AI score0.04681EPSS
Exploits2Affected Software1
OwnCloud
OwnCloud
added 2014/07/03 6:21 p.m.49 views

Host Header Poisoning - ownCloud

Due to trusting user supplied input and interpret it as Host header an attacker is able to craft a password reset mail with a link pointing to his own site. If a user clicks on the link or a software e.g. antivirus is accessing the link the attacker is able to reset the user password. Affected...

6.8CVSS6.1AI score0.0129EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/07/03 6:18 p.m.79 views

Insecure OpenID implementation - ownCloud

Due to an insecure OpenID implementation used by useropenid in ownCloud 5 it is possible to log-into a system using an arbitrary OpenID Account without knowing any secret information, i.e. the password, about it by using a malicious OpenID provider. Affected Software ownCloud Server 5.0.15...

8.9AI score0.02739EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/05/24 6:29 p.m.25 views

Deserialization of Untrusted Data in core - ownCloud

Due to the deserialization of unstrusted data in core an attacker might be able to delete arbitrary files from the filesystem or executing arbitrary SQL queries. This issue has been found in a widely used third-party library, we have removed the component due to general quality concerns from the...

6.8AI score
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/05/24 6:28 p.m.39 views

CSRF in documents - ownCloud

Due to not verifying whether a request was intentionally provided by the user who submitted an request the documents application is vulnerable against several CSRF attacks. An attacker could have used this to arbitrary modify existing files or rename it. Affected Software ownCloud Server 6.0.3...

6.8CVSS6.3AI score0.00605EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2013/05/24 6:27 p.m.48 views

Improper authorization checks in documents - ownCloud

Due to not verifying whether an user has permission to rename files of other users an authenticated user could rename files of other users without permission. Affected Software ownCloud Server 6.0.3 CVE-2014-3834 Action Taken We reviewed the access-control of the documents application and ensured...

7.5CVSS5.9AI score0.01397EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2013/05/14 6:12 p.m.58 views

Incomplete blacklist vulnerability - ownCloud

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows authenticated remote attackers to execute arbitrary PHP code by uploading a crafted file and accessing an uploaded PHP file. Note: Successful exploitation requires that the /data/ directory is stored inside the webroot and a...

4.6CVSS6.9AI score0.01262EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2013/05/14 6:12 p.m.50 views

Privilege escalation and CSRF in the API - ownCloud

Due to an insufficient permission check, an authenticated attacker is able to execute API commands as administrator. Additionally, an unauthenticated attacker could abuse this flaw as a cross-site request forgery vulnerability. Affected Software ownCloud Server 5.0.6 CVE-2013-2048 Action Taken It...

6.5CVSS6.5AI score0.01632EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2013/04/11 5:57 p.m.56 views

Insecure database password generator - ownCloud

Due to using "time" as random source in the ownCloud installation routine, the entropy of the generated PostgreSQL database user password is very low and can be easily guessed. This issue is inside the ownCloud setup routine and is not related to any PostgreSQL vulnerability. Affected Software...

5CVSS6.2AI score0.01116EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2013/03/14 5:45 p.m.58 views

user_migrate: Local file disclosure - ownCloud

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to import arbitrary files on the server inside his user account. Affected Software ownCloud Server 4.5.8 CVE-2013-1851 ownCloud Server 4.0.13 CVE-2013-1851 Action Take...

3.5CVSS6.2AI score0.01181EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2013/03/14 5:42 p.m.52 views

Incomplete blacklist vulnerability - ownCloud

Incomplete blacklist vulnerability in apps/contacts/import.php and apps/contacts/ajax/uploadimport.php in ownCloud before 4.0.13 and 4.5.8 allows an authenticated remote attacker to upload a .htaccess file and therefore the execution of arbitrary PHP code in a standard Apache installation. Affect...

6.5CVSS6.7AI score0.01193EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2013/03/14 5:37 p.m.46 views

Multiple XSS vulnerabilities - ownCloud

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.8 and all prior versions except 4.0.x allow remote attackers to inject arbitrary web script or HTML via the "quota" POST parameter to setquota.php in /core/settings/ajax/ Commits: 2364c79 stable45 Risk: Low Note: Successful...

2.1CVSS5.2AI score0.00742EPSS
Exploits0Affected Software1
Rows per page
Query Builder