3 matches found
Sql injection
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-2045
CVE-2013-2045 affects ownCloud Server prior to 5.0.6 (and related advisory notes) where lib/db.php does not neutralize special elements passed to SQL queries, enabling SQL injection by remote authenticated users. The issue is limited to authenticated access and the impact is described as arbitrar...
CVE-2013-1967
Cross-site scripting XSS vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter...