ownCloud Guests - User Enumeration

ownCloud Guests before 0.12.5 contains an unauthenticated user enumeration vulnerability caused by insufficient validation of the token in showPasswordForm at /apps/guests/register/email/token, letting unauthenticated attackers enumerate valid guest users, exploit requires no authentication. id:...

OwnCloud - Phpinfo Configuration

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

VulnCheck KEV: CVE-2025-59716

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

Security Notice: Impact of CVE-2026-33634 on ownCloud Build Infrastructure - ownCloud

No customer data was compromised. No source code was altered. The attack affected our build infrastructure only – specifically the systems that produce container images and client binaries. If you are using a build before March 19th, no action is needed If you are using ocis-rolling image conta...

CVE-2019-25337

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user...

CVE-2019-25337

CVE-2019-25337 affects OwnCloud 8.1.8. The issue is a username enumeration flaw exposing user accounts by manipulating the share.php endpoint: sending crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter can reveal user information. Root cause appears to be impr...

CVE-2019-25337 OwnCloud 8.1.8 - Username Disclosure

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user...

CVE-2019-25337

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user...

CVE-2019-25337 OwnCloud 8.1.8 - Username Disclosure

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user...

ownCloud 安全漏洞

OwnCloud is a personal cloud storage solution provided by the US-based company OwnCloud. Version 8.1.8 of OwnCloud contains a security vulnerability. This vulnerability stems from a username enumeration issue in the share.php endpoint, which may lead to the discovery of user accounts...

PT-2026-7936

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user...

[SECURITY] Fedora 42 Update: qownnotes-26.1.7-4.fc42

QOwnNotes is the open source notepad with Markdown support and todo list mana ger for GNU/Linux, macOS and Windows, that works together with Nextcloud Notes and ownCloud Notes. You are able to write down your thoughts with QOwnNotes and edit or search for them later from your mobile device, like...

[SECURITY] Fedora 43 Update: qownnotes-26.1.7-4.fc43

QOwnNotes is the open source notepad with Markdown support and todo list mana ger for GNU/Linux, macOS and Windows, that works together with Nextcloud Notes and ownCloud Notes. You are able to write down your thoughts with QOwnNotes and edit or search for them later from your mobile device, like...

CVE-2021-33828

The filesantivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files that have been uploaded to a public share are supposed to be deleted upon detection...

CVE-2021-33827

The filesantivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings...

CVE-2023-49104

An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker...

CVE-2023-49105

An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no...

ownCloud < 10.15.1 Information Disclosure Vulnerability

ownCloud is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud";...

ownCloud < 10.15.3 Multiple Vulnerabilities

ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; if description...

ownCloud < 10.15.2 Phar Stream Wrapper Vulnerability

ownCloud is prone to a phar stream wrapper vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; if...