CVE-2012-5608
- EPSS 0.3%
- Published 18.12.2012 01:55:07
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters.
CVE-2012-5609
- EPSS 1.03%
- Published 18.12.2012 01:55:07
- Last modified 11.04.2025 00:51:21
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.
CVE-2012-5610
- EPSS 1.09%
- Published 18.12.2012 01:55:07
- Last modified 11.04.2025 00:51:21
Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a specially crafted name.
CVE-2012-4395
- EPSS 0.25%
- Published 05.09.2012 23:55:03
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter.
CVE-2012-4396
- EPSS 0.76%
- Published 05.09.2012 23:55:03
- Last modified 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/ed...
CVE-2012-4397
- EPSS 0.3%
- Published 05.09.2012 23:55:03
- Last modified 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shar...
- EPSS 0.63%
- Published 05.09.2012 23:55:03
- Last modified 11.04.2025 00:51:21
appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393...
CVE-2012-4753
- EPSS 0.12%
- Published 05.09.2012 23:55:03
- Last modified 11.04.2025 00:51:21
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2012-4389
- EPSS 1.75%
- Published 05.09.2012 23:55:02
- Last modified 11.04.2025 00:51:21
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.
- EPSS 0.2%
- Published 05.09.2012 23:55:02
- Last modified 11.04.2025 00:51:21
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allow remote authenticated users to enumerate the registered users via unspecified vectors.