Filtered by vendor Owncloud
Subscribe
Total
166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-2045 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-1941 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 5.0 MEDIUM | N/A |
The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack. | |||||
CVE-2013-0304 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 4.0 MEDIUM | N/A |
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is. | |||||
CVE-2014-2057 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-2039 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors. | |||||
CVE-2014-2053 | 2 Getid3, Owncloud | 2 Getid3, Owncloud | 2024-02-04 | 7.5 HIGH | N/A |
getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | |||||
CVE-2014-3833 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function. | |||||
CVE-2013-2149 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files. | |||||
CVE-2013-2048 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 6.5 MEDIUM | N/A |
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands. | |||||
CVE-2014-3834 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 7.5 HIGH | N/A |
ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors. | |||||
CVE-2013-0204 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 4.6 MEDIUM | N/A |
settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings. | |||||
CVE-2014-2585 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 4.9 MEDIUM | N/A |
ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration. | |||||
CVE-2014-9045 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 5.0 MEDIUM | N/A |
The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password. | |||||
CVE-2014-9042 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041. | |||||
CVE-2013-2043 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 4.0 MEDIUM | N/A |
apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter. | |||||
CVE-2014-9041 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 6.8 MEDIUM | N/A |
The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks. | |||||
CVE-2013-2085 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter. | |||||
CVE-2013-1851 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 3.5 LOW | N/A |
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors. | |||||
CVE-2013-2041 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js. | |||||
CVE-2013-2040 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |