Lucene search

K
OwncloudOwncloud Server4.5.1

28 matches found

CVE
CVE
added 2014/10/06 11:55 p.m.71 views

CVE-2014-2044

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename pa...

7.5CVSS7.3AI score0.17806EPSS
CVE
CVE
added 2014/03/14 4:55 p.m.69 views

CVE-2014-2049

The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.

5CVSS6.6AI score0.0025EPSS
CVE
CVE
added 2013/08/15 5:55 p.m.60 views

CVE-2013-1942

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id pa...

4.3CVSS5.6AI score0.09552EPSS
CVE
CVE
added 2014/03/14 4:55 p.m.54 views

CVE-2013-1963

The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.

4CVSS6.3AI score0.00176EPSS
CVE
CVE
added 2014/02/05 3:10 p.m.53 views

CVE-2013-1967

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

4.3CVSS5.9AI score0.00467EPSS
CVE
CVE
added 2014/03/24 4:31 p.m.52 views

CVE-2013-0303

Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered by...

6.5CVSS7.2AI score0.14573EPSS
CVE
CVE
added 2013/01/03 1:55 a.m.51 views

CVE-2012-5665

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.

4.3CVSS6.9AI score0.00431EPSS
CVE
CVE
added 2014/03/14 4:55 p.m.51 views

CVE-2013-2042

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark...

3.5CVSS5.3AI score0.00185EPSS
CVE
CVE
added 2014/03/14 5:55 p.m.50 views

CVE-2013-0300

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Drop...

6.8CVSS7.4AI score0.00074EPSS
CVE
CVE
added 2014/03/14 4:55 p.m.50 views

CVE-2013-1822

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin pr...

2.1CVSS5.4AI score0.00185EPSS
CVE
CVE
added 2014/06/04 2:55 p.m.49 views

CVE-2013-0204

settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.

4.6CVSS6.5AI score0.00485EPSS
CVE
CVE
added 2014/03/14 3:55 p.m.48 views

CVE-2013-0298

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint ...

4.3CVSS5.7AI score0.00263EPSS
CVE
CVE
added 2014/03/14 4:55 p.m.48 views

CVE-2013-1850

Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file.

6.5CVSS7.4AI score0.00485EPSS
CVE
CVE
added 2014/03/14 4:55 p.m.48 views

CVE-2013-2043

apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter.

4CVSS6.3AI score0.00176EPSS
CVE
CVE
added 2012/12/18 1:55 a.m.47 views

CVE-2012-5608

Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters.

4.3CVSS5.8AI score0.00295EPSS
CVE
CVE
added 2014/03/09 1:16 p.m.47 views

CVE-2013-2046

SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5CVSS7.9AI score0.00303EPSS
CVE
CVE
added 2014/03/24 4:31 p.m.47 views

CVE-2014-2057

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00263EPSS
CVE
CVE
added 2014/06/05 3:44 p.m.46 views

CVE-2013-0304

ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to ...

4CVSS6.6AI score0.00176EPSS
CVE
CVE
added 2013/01/03 1:55 a.m.45 views

CVE-2012-5666

Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.

4.3CVSS5.9AI score0.00407EPSS
CVE
CVE
added 2014/03/14 5:55 p.m.45 views

CVE-2013-0299

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone...

6.8CVSS7.3AI score0.00118EPSS
CVE
CVE
added 2014/06/04 2:55 p.m.45 views

CVE-2013-1941

The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.

5CVSS6.8AI score0.00243EPSS
CVE
CVE
added 2014/03/14 4:55 p.m.45 views

CVE-2013-2039

Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors.

4CVSS6.3AI score0.00139EPSS
CVE
CVE
added 2014/03/14 4:55 p.m.45 views

CVE-2013-2040

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.2AI score0.00185EPSS
CVE
CVE
added 2014/03/14 4:55 p.m.45 views

CVE-2013-2150

Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.

3.5CVSS5.6AI score0.00185EPSS
CVE
CVE
added 2014/03/14 3:55 p.m.41 views

CVE-2013-0307

Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.

3.5CVSS5.8AI score0.00284EPSS
CVE
CVE
added 2014/03/14 4:55 p.m.41 views

CVE-2013-1851

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors.

3.5CVSS6.4AI score0.00171EPSS
CVE
CVE
added 2014/03/14 3:55 p.m.40 views

CVE-2013-0297

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.

3.5CVSS5.4AI score0.00185EPSS
CVE
CVE
added 2014/03/24 4:31 p.m.40 views

CVE-2013-7344

Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions.

6.5CVSS7.2AI score0.14573EPSS