Owncloud Server@4.0.10 Security Vulnerabilities and Issues — Owncloud Server@4.0.10 CVE List

Lucene search

OwncloudOwncloud Server4.0.10

18 matches found

CVE•added 2014/10/06 11:55 p.m.•71 views

CVE-2014-2044

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename pa...

7.5CVSS7.3AI score0.17806EPSS

CVE•added 2014/03/14 4:55 p.m.•69 views

CVE-2014-2049

The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.

5CVSS6.6AI score0.0025EPSS

CVE•added 2013/08/15 5:55 p.m.•60 views

CVE-2013-1942

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id pa...

4.3CVSS5.6AI score0.09552EPSS

CVE•added 2014/03/24 4:31 p.m.•52 views

CVE-2013-0303

Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered by...

6.5CVSS7.2AI score0.14573EPSS

CVE•added 2014/03/14 4:55 p.m.•51 views

CVE-2013-2042

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark...

3.5CVSS5.3AI score0.00185EPSS

CVE•added 2014/06/05 3:44 p.m.•49 views

CVE-2013-0302

Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon ...

5CVSS6.2AI score0.0025EPSS

CVE•added 2014/03/14 4:55 p.m.•48 views

CVE-2013-1850

Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file.

6.5CVSS7.4AI score0.00485EPSS

CVE•added 2014/03/24 4:31 p.m.•47 views

CVE-2014-2057

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00263EPSS

CVE•added 2014/03/14 5:55 p.m.•45 views

CVE-2013-0299

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone...

6.8CVSS7.3AI score0.00118EPSS

CVE•added 2014/06/04 2:55 p.m.•45 views

CVE-2013-1941

The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.

5CVSS6.8AI score0.00243EPSS

CVE•added 2014/03/14 4:55 p.m.•45 views

CVE-2013-2039

Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors.

4CVSS6.3AI score0.00139EPSS

CVE•added 2014/03/14 4:55 p.m.•45 views

CVE-2013-2040

3.5CVSS5.2AI score0.00185EPSS

CVE•added 2014/03/14 4:55 p.m.•45 views

CVE-2013-2150

Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.

3.5CVSS5.6AI score0.00185EPSS

CVE•added 2014/03/14 3:55 p.m.•41 views

CVE-2013-0307

Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.

3.5CVSS5.8AI score0.00284EPSS

CVE•added 2014/03/14 4:55 p.m.•41 views

CVE-2013-1851

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors.

3.5CVSS6.4AI score0.00171EPSS

CVE•added 2014/03/14 3:55 p.m.•40 views

CVE-2013-0297

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.

3.5CVSS5.4AI score0.00185EPSS

CVE•added 2014/03/24 4:31 p.m.•40 views

CVE-2013-7344

Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions.

6.5CVSS7.2AI score0.14573EPSS

CVE•added 2014/03/14 5:55 p.m.•39 views

CVE-2013-0301

Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter.

6.8CVSS7.2AI score0.00118EPSS