Filtered by vendor Owncloud
Subscriptions
Filtered by product Owncloud
Subscriptions
Total
155 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-5665 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file. | ||||
CVE-2012-5336 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV. | ||||
CVE-2012-5057 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | ||||
CVE-2012-5056 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php. | ||||
CVE-2012-2397 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts. | ||||
CVE-2012-2398 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4. | ||||
CVE-2012-2270 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | ||||
CVE-2012-2269 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php. | ||||
CVE-2013-7344 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions. | ||||
CVE-2013-6403 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB. | ||||
CVE-2013-2086 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. | ||||
CVE-2013-2085 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter. | ||||
CVE-2013-2150 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files. | ||||
CVE-2013-2149 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files. | ||||
CVE-2013-2089 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data. | ||||
CVE-2013-2046 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2013-2042 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php. | ||||
CVE-2013-2045 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2013-1967 | 2 Mediaelementjs, Owncloud | 2 Mediaelement.js, Owncloud | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter. | ||||
CVE-2013-2043 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter. |