Owncloud

Owncloud Server

108 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2013-0307

  • EPSS 0.28%
  • Published 14.03.2014 15:55:05
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.

6.5

CVE-2013-2045

  • EPSS 0.35%
  • Published 09.03.2014 13:16:56
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5

CVE-2013-2046

  • EPSS 0.3%
  • Published 09.03.2014 13:16:56
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

4.3

CVE-2013-1967

Exploit
  • EPSS 0.57%
  • Published 05.02.2014 15:10:05
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file par...

6.8

CVE-2013-6403

  • EPSS 0.35%
  • Published 24.12.2013 18:55:20
  • Last modified 11.04.2025 00:51:21

The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.

4.3

CVE-2013-1942

Exploit
  • EPSS 8.8%
  • Published 15.08.2013 17:55:24
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary w...

4.3

CVE-2012-5665

Exploit
  • EPSS 0.43%
  • Published 03.01.2013 01:55:03
  • Last modified 11.04.2025 00:51:21

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.

4.3

CVE-2012-5666

  • EPSS 0.41%
  • Published 03.01.2013 01:55:03
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.

4.3

CVE-2012-5606

  • EPSS 0.44%
  • Published 18.12.2012 01:55:07
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) ...

5

CVE-2012-5607

  • EPSS 0.38%
  • Published 18.12.2012 01:55:07
  • Last modified 11.04.2025 00:51:21

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."