Filtered by vendor Owncloud
Subscriptions
Filtered by product Owncloud
Subscriptions
Total
117 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9046 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol. | ||||
| CVE-2014-3837 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors. | ||||
| CVE-2014-3835 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors. | ||||
| CVE-2014-3838 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts. | ||||
| CVE-2014-2057 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-4391 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. | ||||
| CVE-2012-4397 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php. | ||||
| CVE-2014-2050 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.5 Medium |
| Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header. | ||||
| CVE-2012-2270 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | ||||
| CVE-2013-0307 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter. | ||||
| CVE-2013-1851 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors. | ||||
| CVE-2012-4390 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. | ||||
| CVE-2013-1941 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack. | ||||
| CVE-2013-2040 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-2047 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password. | ||||
| CVE-2013-2048 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands. | ||||
| CVE-2012-5057 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | ||||
| CVE-2013-6403 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB. | ||||
| CVE-2013-0304 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is. | ||||
| CVE-2014-9047 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | N/A |
| Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read arbitrary files via unknown vectors. | ||||