Owncloud Server@4.0.12 Security Vulnerabilities and Issues — Owncloud Server@4.0.12 CVE List

Lucene search

OwncloudOwncloud Server4.0.12

9 matches found

CVE•added 2014/10/06 11:55 p.m.•71 views

CVE-2014-2044

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename pa...

7.5CVSS7.3AI score0.17806EPSS

CVE•added 2014/03/14 4:55 p.m.•69 views

CVE-2014-2049

The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.

5CVSS6.6AI score0.0025EPSS

CVE•added 2013/08/15 5:55 p.m.•60 views

CVE-2013-1942

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id pa...

4.3CVSS5.6AI score0.09552EPSS

CVE•added 2014/03/14 4:55 p.m.•51 views

CVE-2013-2042

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark...

3.5CVSS5.3AI score0.00185EPSS

CVE•added 2014/03/24 4:31 p.m.•47 views

CVE-2014-2057

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00263EPSS

CVE•added 2014/06/04 2:55 p.m.•45 views

CVE-2013-1941

The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.

5CVSS6.8AI score0.00243EPSS

CVE•added 2014/03/14 4:55 p.m.•45 views

CVE-2013-2039

Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors.

4CVSS6.3AI score0.00139EPSS

CVE•added 2014/03/14 4:55 p.m.•45 views

CVE-2013-2040

3.5CVSS5.2AI score0.00185EPSS

CVE•added 2014/03/14 4:55 p.m.•45 views

CVE-2013-2150

Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.

3.5CVSS5.6AI score0.00185EPSS