Owncloud

Owncloud Server

108 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2013-0307

  • EPSS 0.28%
  • Veröffentlicht 14.03.2014 15:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.

6.5

CVE-2013-2045

  • EPSS 0.35%
  • Veröffentlicht 09.03.2014 13:16:56
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5

CVE-2013-2046

  • EPSS 0.3%
  • Veröffentlicht 09.03.2014 13:16:56
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

4.3

CVE-2013-1967

Exploit
  • EPSS 0.57%
  • Veröffentlicht 05.02.2014 15:10:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file par...

6.8

CVE-2013-6403

  • EPSS 0.35%
  • Veröffentlicht 24.12.2013 18:55:20
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.

4.3

CVE-2013-1942

Exploit
  • EPSS 8.8%
  • Veröffentlicht 15.08.2013 17:55:24
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary w...

4.3

CVE-2012-5665

Exploit
  • EPSS 0.43%
  • Veröffentlicht 03.01.2013 01:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.

4.3

CVE-2012-5666

  • EPSS 0.41%
  • Veröffentlicht 03.01.2013 01:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.

4.3

CVE-2012-5606

  • EPSS 0.44%
  • Veröffentlicht 18.12.2012 01:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) ...

5

CVE-2012-5607

  • EPSS 0.38%
  • Veröffentlicht 18.12.2012 01:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."