Filtered by vendor Owncloud
Subscriptions
Total
167 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-49104 | 1 Owncloud | 1 Oauth2 | 2024-09-04 | 8.7 High |
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker. | ||||
CVE-2023-49105 | 1 Owncloud | 1 Owncloud | 2024-08-29 | 9.8 Critical |
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0. | ||||
CVE-2012-5665 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file. | ||||
CVE-2012-5336 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV. | ||||
CVE-2012-5057 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | ||||
CVE-2012-5056 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php. | ||||
CVE-2012-2397 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts. | ||||
CVE-2012-2398 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4. | ||||
CVE-2012-2270 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | ||||
CVE-2012-2269 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php. | ||||
CVE-2013-7344 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions. | ||||
CVE-2013-6403 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB. | ||||
CVE-2013-2086 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. | ||||
CVE-2013-2085 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter. | ||||
CVE-2013-2150 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files. | ||||
CVE-2013-2149 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files. | ||||
CVE-2013-2089 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data. | ||||
CVE-2013-2046 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2013-2042 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php. | ||||
CVE-2013-2045 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |