Filtered by vendor Owncloud
Subscriptions
Total
169 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2045 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | N/A |
| SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-2149 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files. | ||||
| CVE-2015-3011 | 2 Debian, Owncloud | 2 Debian Linux, Owncloud | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact. | ||||
| CVE-2012-5057 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | ||||
| CVE-2014-9043 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind. | ||||
| CVE-2013-1890 | 1 Owncloud | 1 Owncloud | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/. | ||||
| CVE-2013-1941 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack. | ||||
| CVE-2013-2085 | 1 Owncloud | 1 Owncloud | 2025-04-12 | N/A |
| Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter. | ||||
| CVE-2012-5665 | 1 Owncloud | 1 Owncloud Server | 2025-04-11 | N/A |
| ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file. | ||||
| CVE-2012-2270 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | ||||
| CVE-2012-2398 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4. | ||||
| CVE-2012-4392 | 1 Owncloud | 1 Owncloud Server | 2025-04-11 | N/A |
| index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. | ||||
| CVE-2012-4394 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. | ||||
| CVE-2012-4395 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter. | ||||
| CVE-2012-4753 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2012-5610 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name. | ||||
| CVE-2013-1967 | 2 Mediaelementjs, Owncloud | 2 Mediaelement.js, Owncloud Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter. | ||||
| CVE-2012-2397 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts. | ||||
| CVE-2012-4391 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. | ||||
| CVE-2012-4393 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/. | ||||