Owncloud Server Security Vulnerabilities and Issues — Owncloud Server CVE List

Lucene search

OwncloudOwncloud Server

10 matches found

CVE•added 2014/06/04 2:55 p.m.•108 views

CVE-2014-2053

getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

7.5CVSS9.5AI score0.02188EPSS

CVE•added 2014/06/04 2:55 p.m.•101 views

CVE-2014-2054

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

7.5CVSS7.4AI score0.00537EPSS

CVE•added 2014/10/06 11:55 p.m.•71 views

CVE-2014-2044

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename pa...

7.5CVSS7.3AI score0.17806EPSS

CVE•added 2015/10/21 6:59 p.m.•62 views

CVE-2015-4717

The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint...

7.8CVSS4.9AI score0.00693EPSS

CVE•added 2015/10/26 2:59 p.m.•61 views

CVE-2015-6500

Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.

7.5CVSS6.1AI score0.00904EPSS

CVE•added 2014/06/04 2:55 p.m.•60 views

CVE-2014-2056

PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

7.5CVSS7.5AI score0.00537EPSS

CVE•added 2014/06/04 2:55 p.m.•49 views

CVE-2014-2055

SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

7.5CVSS7.3AI score0.00537EPSS

CVE•added 2012/09/05 11:55 p.m.•48 views

CVE-2012-4392

index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.

7.5CVSS6.9AI score0.0034EPSS

CVE•added 2014/06/05 3:44 p.m.•48 views

CVE-2014-2051

ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."

7.5CVSS7.2AI score0.0057EPSS

CVE•added 2014/06/04 2:55 p.m.•40 views

CVE-2014-3834

ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.

7.5CVSS6.3AI score0.00303EPSS