Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
OwncloudOwncloud Server

108 matches found

CVE
CVEadded 2014/03/14 4:55 p.m.41 views

CVE-2013-1851

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors.

3.5CVSS6.4AI score0.00171EPSS
CVE
CVEadded 2015/02/04 6:59 p.m.41 views

CVE-2014-9042

Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this c...

3.5CVSS5.2AI score0.00185EPSS
CVE
CVEadded 2015/02/04 6:59 p.m.41 views

CVE-2014-9046

The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol.

5CVSS6.8AI score0.0025EPSS
CVE
CVEadded 2014/03/14 3:55 p.m.40 views

CVE-2013-0297

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.

3.5CVSS5.4AI score0.00185EPSS
CVE
CVEadded 2014/03/24 4:31 p.m.40 views

CVE-2013-7344

Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions.

6.5CVSS7.2AI score0.14573EPSS
CVE
CVEadded 2014/06/04 2:55 p.m.40 views

CVE-2014-3834

ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.

7.5CVSS6.3AI score0.00303EPSS
CVE
CVEadded 2014/03/14 5:55 p.m.39 views

CVE-2013-0301

Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter.

6.8CVSS7.2AI score0.00118EPSS
CVE
CVEadded 2015/02/04 6:59 p.m.37 views

CVE-2014-9044

Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack.

5CVSS6.2AI score0.0025EPSS
Total number of security vulnerabilities108