Lucene search
K
OwncloudOwncloud Server

108 matches found

CVE
CVE
added 2014/06/04 2:0 p.m.192 views

CVE-2014-2054

CVE-2014-2054 affects PHPExcel prior to 1.8.0 when used by ownCloud Server (before 5.0.15 and 6.0.x before 6.0.2). Root cause: libxml external entity loading is not disabled, enabling XML External Entity (XXE) attacks. Impact: potential to read arbitrary files, cause denial of service, and other ...

7.5CVSS7.4AI score0.01538EPSS
CVE
CVE
added 2023/11/21 12:0 a.m.127 views

CVE-2023-49105

CVE-2023-49105 — ownCloud core vulnerability (pre-signed URLs) highly critical . In ownCloud core prior to 10.13.1, an attacker who knows a victim’s username and if the victim has no signing-key configured can access, modify, or delete any file without authentication because pre-signed URLs are a...

9.8CVSS9.4AI score0.11074EPSS
CVE
CVE
added 2014/06/04 2:0 p.m.125 views

CVE-2014-2053

CVE-2014-2053 concerns getID3()

7.5CVSS9.5AI score0.04681EPSS
CVE
CVE
added 2019/11/22 6:53 p.m.111 views

CVE-2013-0203

The provided documents describe multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server. Affected versions are ownCloud Server < 4.0.11 and

5.4CVSS5.7AI score0.00724EPSS
Web
CVE
CVE
added 2014/10/06 11:0 p.m.109 views

CVE-2014-2044

CVE-2014-2044 affects ownCloud before 5.0 on Windows. The vulnerability is in the Ajax upload handling (ajax/upload.php) where an incomplete blacklist allows an authenticated user to upload files with arbitrary names and execute code via Windows ADS syntax in the filename (for example .htaccess::...

7.5CVSS7.3AI score0.12388EPSS
Web
CVE
CVE
added 2021/02/19 6:59 a.m.99 views

CVE-2020-36252

CVE-2020-36252 affects OwnCloud Server 10.x prior to 10.3.1. An attacker who has one outgoing share from a victim can access any version of any file by requesting a predictable ID number, exploiting a privilege/access-control flaw. The vulnerability impacts confidentiality (high) and is classifie...

6.8CVSS5.5AI score0.0051EPSS
CVE
CVE
added 2015/10/21 6:0 p.m.92 views

CVE-2015-4716

CVE-2015-4716 is a directory traversal vulnerability in ownCloud Server’s routing component affecting Windows deployments; affected versions are before 7.0.6 and 8.0.x before 8.0.4, allowing remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. Debian ad...

10CVSS7.5AI score0.2482EPSS
CVE
CVE
added 2015/10/26 3:0 p.m.92 views

CVE-2015-7699

The CVE-2015-7699 issue affects the ownCloud Server files_external app and allows remote authenticated users to instantiate arbitrary classes and potentially execute code via a crafted mount point option related to objectstore. Affected versions are: files_external in ownCloud Server pre-7.0.9, 8...

9CVSS7.1AI score0.04021EPSS
CVE
CVE
added 2015/10/21 3:0 p.m.87 views

CVE-2015-5953

The CVE-2015-5953 issue is an XSS vulnerability in the ownCloud Server activity module, exploitable by an authenticated remote user via a double-quote character in a filename in a shared folder. Affected are ownCloud Server versions prior to 7.0.5 and 8.0.x prior to 8.0.4. The problem is describe...

3.5CVSS5.1AI score0.00826EPSS
CVE
CVE
added 2013/08/15 5:0 p.m.84 views

CVE-2013-1942

CVE-2013-1942 describes multiple XSS vulnerabilities in actionscript/Jplayer.as (jplayer.swf) of the jPlayer Flash SWF component. The flaws allow remote attackers to inject arbitrary script or HTML via the (1) jQuery or (2) id parameters, demonstrated by document.write in the jQuery parameter. Af...

4.3CVSS5.6AI score0.05494EPSS
Web
CVE
CVE
added 2014/03/14 4:0 p.m.82 views

CVE-2014-2049

The CVE-2014-2049 issue affects ownCloud Server before version 5.0.15 and before 6.0.2, due to insecure default Flash Cross Domain policies. Root cause: insecure cross-domain configuration in Flash policies. Impact: remote attackers could access user files via unspecified vectors. Public advisori...

5CVSS6.6AI score0.01266EPSS
CVE
CVE
added 2015/05/08 2:0 p.m.81 views

CVE-2015-3013

The CVE-2015-3013 entry applies to ownCloud Server releases before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5, where authenticated remote users could bypass the file blacklist and upload arbitrary files by using UTF-8 encoded paths (demonstrated with .htaccess). Exploitation requires authenti...

6CVSS6.2AI score0.01339EPSS
CVE
CVE
added 2014/03/14 4:0 p.m.79 views

CVE-2013-2044

The CVE-2013-2044 issue affects ownCloud Server prior to version 5.0.6, where the login page (index.php) allows an Open Redirect via the redirect_url parameter. This can enable attackers to redirect users to arbitrary sites and facilitate phishing attacks. The vulnerability is documented in offic...

5.8CVSS6.7AI score0.01636EPSS
CVE
CVE
added 2015/10/21 6:0 p.m.79 views

CVE-2015-5954

The CVE-2015-5954 issue affects ownCloud Server: vulnerable versions include 6.0.x before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5. The root cause is that the virtual filesystem does not treat NULL as a valid getPath return value in a sharing context, allowing remote authenticated users ...

4CVSS6.2AI score0.01201EPSS
CVE
CVE
added 2021/05/20 12:46 p.m.78 views

CVE-2021-29659

OwnCloud 10.7 is affected by an incorrect access control vulnerability in a related API endpoint that allows remote information disclosure. An attacker can enumerate all users in a single request by supplying three whitespace characters, and on large instances this may add unusual load. The conne...

6.5CVSS6.1AI score0.01327EPSS
CVE
CVE
added 2020/01/23 7:7 p.m.76 views

CVE-2014-2050

CVE-2014-2050 affects ownCloud Server versions prior to 5.0.15 and 6.0.x prior to 6.0.2. The vulnerability is a Cross-Site Request Forgery (CSRF) that lets remote attackers hijack a user’s authentication for password-reset requests via a crafted HTTP Host header. Affected component is the web app...

6.5CVSS7.3AI score0.01472EPSS
CVE
CVE
added 2014/06/04 2:0 p.m.76 views

CVE-2014-2056

CVE-2014-2056 affects ownCloud Server via the PHPDocX library. Affected: ownCloud Server < 5.0.15 and

7.5CVSS7.5AI score0.02253EPSS
CVE
CVE
added 2012/09/05 11:0 p.m.75 views

CVE-2012-4752

Concrete details found: CVE-2012-4752 affects ownCloud up to version 4.0.5 with an issue in appconfig.php that allows remote (authenticated) users to edit app configurations; notes indicate CVE-2012-4393 CSRF vulnerabilities can be leveraged to enable this. Related connected sources (Red Hat, UBu...

5CVSS6.2AI score0.02183EPSS
CVE
CVE
added 2015/10/21 6:0 p.m.75 views

CVE-2015-4717

CVE-2015-4717 affects ownCloud Server: the filename sanitization component fails to properly handle $_GET parameters cast to an array, allowing remote attackers to trigger a denial of service (infinite loop and log file consumption) via crafted endpoint file names. Affected versions are before 6....

7.8CVSS4.9AI score0.02832EPSS
CVE
CVE
added 2015/10/21 6:0 p.m.75 views

CVE-2015-4718

CVE-2015-4718 affects ownCloud Server’s external SMB storage driver. Affected versions are ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4. The vulnerability allows remote authenticated users to execute arbitrary SMB commands via a semicolon character in a file, enabling ...

9CVSS5.3AI score0.03043EPSS
CVE
CVE
added 2012/04/20 10:0 a.m.74 views

CVE-2012-2269

CVE-2012-2269 (ownCloud) : Multiple XSS vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary scripts via various inputs across endpoints (stored XSS in apps/contacts/ajax/addcard.php, addproperty.php, createaddressbook; reflected XSS in files/download.php and files/...

4.3CVSS5.6AI score0.02758EPSS
Web
CVE
CVE
added 2015/02/04 6:0 p.m.74 views

CVE-2014-9043

CVE-2014-9043 affects ownCloud’s user_ldap backend: a null byte in the password with a valid username enables an unauthenticated bind, bypassing authentication. Affected are ownCloud releases prior to 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3. Multiple sources (SUSE/Mandriva advisories and C...

5CVSS7.1AI score0.01859EPSS
CVE
CVE
added 2015/10/26 2:0 p.m.73 views

CVE-2015-6500

CVE-2015-6500 is a directory traversal vulnerability in ownCloud Server prior to 8.0.6 and in the 8.1.x branch prior to 8.1.1. It allows remote authenticated users to list directory contents and potentially cause a denial of service (CPU consumption) by sending a .. payload to index.php/apps/file...

7.5CVSS6.1AI score0.02627EPSS
Web
CVE
CVE
added 2014/03/14 4:0 p.m.72 views

CVE-2013-2042

CVE-2013-2042 affects ownCloud, with XSS vulnerabilities in the bookmarks functionality. The description specifies that remote authenticated users could inject arbitrary web script or HTML via the url parameter to two endpoints: apps/bookmarks/ajax/addBookmark.php and apps/bookmarks/ajax/editBook...

3.5CVSS5.3AI score0.01152EPSS
Web
CVE
CVE
added 2015/10/26 2:0 p.m.72 views

CVE-2015-6670

CVE-2015-6670 affects ownCloud server components prior to updates: 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1. The issue stems from improper ownership checks of calendars, allowing remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php. T...

4CVSS6.2AI score0.01417EPSS
Web
CVE
CVE
added 2014/03/14 4:0 p.m.71 views

CVE-2013-2149

CVE-2013-2149: ownCloud is vulnerable to cross-site scripting via shared files. Mageia MGASA-2013-0171 notes XSS in js/viewer.js and core/js/oc-dialogs.js, exploitable in all ownCloud versions before 5.0.7 and 4.0.16. Affected components include files_videoviewer; impact is arbitrary script injec...

3.5CVSS5.1AI score0.01152EPSS
CVE
CVE
added 2012/04/20 10:0 a.m.70 views

CVE-2012-2270

CVE-2012-2270 is an open redirect vulnerability in the ownCloud login page (index.php) affecting version 3.0.0 (and related 3.0.x). The issue arises from unsafely handling the redirect_url parameter, enabling attackers to redirect users to arbitrary sites and facilitate phishing. According to the...

5.8CVSS6.7AI score0.06076EPSS
Web
CVE
CVE
added 2014/03/23 3:0 p.m.69 views

CVE-2013-0303

CVE-2013-0303 describes an unspecified vulnerability in ownCloud's core/ajax/translations.php affecting versions prior to 4.0.12 and 4.5.x prior to 4.5.6, allowing remote authenticated users to execute arbitrary PHP code via unknown vectors. The issue is split from CVE-2013-7344, which covers cor...

6.5CVSS7.2AI score0.02605EPSS
CVE
CVE
added 2014/02/05 3:0 p.m.69 views

CVE-2013-1967

CVE-2013-1967 describes a Cross-site scripting (XSS) vulnerability in flashmediaelement.swf used by MediaElement.js before 2.11.2. The flaw affects ownCloud Server deployments, specifically 5.0.x before 5.0.5 and 4.5.x before 4.5.10, where an attacker can inject arbitrary script or HTML via the f...

4.3CVSS5.9AI score0.02214EPSS
CVE
CVE
added 2014/03/14 4:0 p.m.68 views

CVE-2013-1939

The CVE-2013-1939 issue affects SabreDAV’s HTML/Browser plugin used in ownCloud on Windows, where improper checking of path separators in the base path allows remote attackers to read arbitrary files via a backslash character. Concrete details in connected documents show that SabreDAV versions 1....

5CVSS6.5AI score0.01779EPSS
CVE
CVE
added 2020/02/17 6:9 p.m.68 views

CVE-2015-4715

The CVE-2015-4715 entry affects ownCloud Server (Dropbox storage integration) via the Dropbox-PHP OAuth/Curl.php fetch function when an external Dropbox storage is mounted. Affected versions: ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4. The vulnerability allows remote adm...

4.9CVSS5.1AI score0.0144EPSS
CVE
CVE
added 2014/06/04 2:0 p.m.67 views

CVE-2012-5336

The CVE-2012-5336 issue affects ownCloud Server versions prior to 4.0.8. The root cause is improper validation of the user_id session variable in lib/base.php, which allows remote authenticated users to read arbitrary files via WebDAV. Affected software: ownCloud Server

4CVSS6.3AI score0.01011EPSS
CVE
CVE
added 2014/03/14 4:0 p.m.67 views

CVE-2013-1963

The CVE-2013-1963 entry describes a vulnerability in the ownCloud Contacts app where ownership of contacts is not properly enforced, allowing remote authenticated users to download arbitrary contacts via unspecified vectors. Affected versions are ownCloud before 4.5.10 and 5.x before 5.0.5. The u...

4CVSS6.3AI score0.01422EPSS
CVE
CVE
added 2014/03/14 4:0 p.m.66 views

CVE-2013-2048

The CVE-2013-2048 issue affects ownCloud Server prior to 5.0.6, where an insufficient permission check allows authenticated users to execute arbitrary API commands via unspecified vectors, with CSRF enabling remote command execution. The root cause is an inadequate access-control check on API com...

6.5CVSS7.4AI score0.01632EPSS
CVE
CVE
added 2012/12/18 1:0 a.m.65 views

CVE-2012-5607

The CVE-2012-5607 issue affects versions 4.0.9 and 4.5.0 where the Lost Password reset does not properly validate the security token, enabling a remote timing-attack-based password change. The underlying problem is the token comparison during password reset, which could let an attacker overwrite...

5CVSS6.9AI score0.02102EPSS
CVE
CVE
added 2014/06/04 2:0 p.m.65 views

CVE-2013-0204

CVE-2013-0204 affects ownCloud 4.5.x before 4.5.6. A vulnerability in settings/personal.php allows an authenticated remote user to execute arbitrary PHP code via crafted mount point settings, enabling remote code execution. The issue is documented in the official ownCloud advisory OC-SA-2013-002,...

4.6CVSS6.5AI score0.00897EPSS
Web
CVE
CVE
added 2014/03/14 4:0 p.m.65 views

CVE-2014-2047

CVE-2014-2047 affects ownCloud Server prior to 6.0.2, where PHP may accept session parameters via GET. The root cause is that authentication could proceed without invalidating an existing session, enabling an attacker to hijack a user’s session (session fixation). The linked advisories describe t...

6.8CVSS6.6AI score0.0129EPSS
CVE
CVE
added 2012/09/05 11:0 p.m.64 views

CVE-2012-4394

CVE-2012-4394 (ownCloud XSS) : A cross-site scripting vulnerability affects ownCloud before version 4.0.5. The issue is in the JS file apps/files/js/filelist.js, allowing remote attackers to inject arbitrary web script or HTML via the file parameter. Impact is reflected in the user’s browser sess...

4.3CVSS5.8AI score0.01914EPSS
CVE
CVE
added 2012/12/18 1:0 a.m.64 views

CVE-2012-5610

The CVE-2012-5610 entry describes an Incomplete blacklist vulnerability in ownCloud’s lib/filesystem.php, exploitable by remote authenticated users via uploading a file with a specially crafted name. Affected are ownCloud core versions before 4.0.9 and 4.5.x before 4.5.2. The underlying cause is ...

6.5CVSS7.4AI score0.02171EPSS
CVE
CVE
added 2014/03/14 4:0 p.m.64 views

CVE-2013-2043

CVE-2013-2043 affects ownCloud calendar handling: the script apps/calendar/ajax/events.php fails to properly verify calendar ownership, enabling remote authenticated users to download arbitrary calendars via the calendar_id parameter. Affected versions are ownCloud before 4.5.11 and 5.x before 5....

4CVSS6.3AI score0.01422EPSS
Web
CVE
CVE
added 2012/04/20 10:0 a.m.63 views

CVE-2012-2398

CVE-2012-2398 describes a cross-site scripting (XSS) vulnerability in the ownCloud project. The flaw resides in the files/ajax/download.php endpoint and allows remote attackers to inject arbitrary web script or HTML via the files parameter, affecting versions prior to 3.0.3. The underlying issue ...

4.3CVSS5.6AI score0.01187EPSS
Web
CVE
CVE
added 2014/03/18 2:0 p.m.63 views

CVE-2013-0201

CVE-2013-0201 is a set of multiple XSS vulnerabilities in ownCloud up to version 4.5.5 and 4.0.10, exploitable via query string in resetpassword.php, mime parameter in mimeicon.php, and token parameter in sharing.php. The OpenVAS entry corroborates multiple HTML- and arbitrary-script injection vu...

4.3CVSS6AI score0.02164EPSS
Web
CVE
CVE
added 2014/06/04 2:0 p.m.63 views

CVE-2014-2055

SabreDAV vulnerability (CVE-2014-2055) affects SabreDAV <= 1.7.10 used within ownCloud Server <= 6.0.x (before 6.0.2) and = 5.0.15 or >= 6.0.2) where fixes are implemented. If exploitation details are not provided in the documents, they are not assumed; only the explicit XXE risk and aff...

7.5CVSS7.3AI score0.02228EPSS
CVE
CVE
added 2012/09/05 11:0 p.m.62 views

CVE-2012-4393

ownCloud before 4.0.6 has multiple CSRF vulnerabilities across 37+ endpoints (e.g., bookmarks, calendar, files, sharing, tasks) that allow remote attackers to hijack user sessions. Red Hat notes that appconfig.php access isn’t properly restricted, enabling edits by remote authenticated users and ...

6.8CVSS7.2AI score0.01097EPSS
CVE
CVE
added 2014/06/04 2:0 p.m.62 views

CVE-2012-5056

OwnCloud Server prior to 4.0.8 is affected by multiple XSS vulnerabilities. The issues allow remote attackers to inject arbitrary script/HTML via three vectors: (1) readyCallback in apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, (2) root parameter to apps/gallery/templates/index.php, an...

4.3CVSS5.8AI score0.01005EPSS
Web
CVE
CVE
added 2013/01/03 1:0 a.m.62 views

CVE-2012-5665

Affected software: ownCloud 4.0.x (before 4.0.10) and 4.5.x (before 4.5.5). Vulnerability: improper restriction of access to settings.php, enabling remote attackers to edit app configurations for user_webdavauth and user_ldap by editing this file. Root cause: settings.php access is not properly g...

4.3CVSS6.9AI score0.02251EPSS
CVE
CVE
added 2014/03/14 5:0 p.m.62 views

CVE-2013-0300

CVE-2013-0300 affects ownCloud 4.5.x (before 4.5.7) and related versions, introducing multiple CSRF vulnerabilities in endpoints such as apps/calendar/ajax/changeview.php, apps/files_external/ajax/, and apps/user_webdavauth/settings.php. The flaws allow remote attackers to hijack user authenticat...

6.8CVSS7.4AI score0.0041EPSS
Web
CVE
CVE
added 2014/06/05 3:0 p.m.62 views

CVE-2013-0302

CVE-2013-0302 affects ownCloud Server prior to 4.0.12 and is an information-disclosure vulnerability linked to the inclusion of the Amazon SDK testing suite. The vulnerability allows remote attackers to obtain sensitive server information via unspecified vectors, with the evidence focusing on det...

5CVSS6.2AI score0.01266EPSS
CVE
CVE
added 2014/03/14 4:0 p.m.62 views

CVE-2013-1850

CVE-2013-1850 affects ownCloud Server prior to 4.0.13 and prior to 4.5.8 (4.5.x). The vulnerability is an incomplete blacklist in apps/contacts/import.php and apps/contacts/ajax/uploadimport.php that allows authenticated remote users to upload a .htaccess file and thereby achieve arbitrary PHP co...

6.5CVSS7.4AI score0.01193EPSS
Web
CVE
CVE
added 2014/03/14 4:0 p.m.62 views

CVE-2013-2086

The CVE-2013-2086 issue affects ownCloud 5.0.x prior to 5.0.6, where the configuration loader writes CSRF tokens (and other private data) into an accessible JavaScript file. This leakage enables remote attackers to obtain CSRF tokens and other sensitive information, per the official advisory and ...

5CVSS6.2AI score0.01799EPSS
Total number of security vulnerabilities108