Total
155 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4716 | 2 Microsoft, Owncloud | 2 Windows, Owncloud | 2023-12-10 | 10.0 HIGH | N/A |
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. | |||||
CVE-2015-3012 | 3 Debian, Kogmbh, Owncloud | 3 Debian Linux, Webodf, Owncloud | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI. | |||||
CVE-2015-7699 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 9.0 HIGH | N/A |
The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore." | |||||
CVE-2014-2585 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 4.9 MEDIUM | N/A |
ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration. | |||||
CVE-2014-3832 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function. | |||||
CVE-2014-9047 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read arbitrary files via unknown vectors. | |||||
CVE-2013-1967 | 2 Mediaelementjs, Owncloud | 2 Mediaelement.js, Owncloud | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
CVE-2014-2044 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 7.5 HIGH | N/A |
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program. | |||||
CVE-2013-1941 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 5.0 MEDIUM | N/A |
The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack. | |||||
CVE-2013-2089 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 4.6 MEDIUM | N/A |
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data. | |||||
CVE-2014-2051 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 7.5 HIGH | N/A |
ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query." | |||||
CVE-2014-3833 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function. | |||||
CVE-2014-9049 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 4.0 MEDIUM | N/A |
The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method. | |||||
CVE-2014-9046 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 5.0 MEDIUM | N/A |
The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol. | |||||
CVE-2014-2057 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-0300 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webdavauth/settings.php. | |||||
CVE-2013-2047 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 2.1 LOW | N/A |
The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password. | |||||
CVE-2013-1851 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 3.5 LOW | N/A |
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors. | |||||
CVE-2013-0201 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php. | |||||
CVE-2014-3837 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 4.0 MEDIUM | N/A |
The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors. |