Owncloud

Owncloud Server

108 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.83%
  • Veröffentlicht 18.12.2012 01:55:07
  • Zuletzt bearbeitet 16.06.2026 23:47:04

Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters.

  • EPSS 2.07%
  • Veröffentlicht 18.12.2012 01:55:07
  • Zuletzt bearbeitet 16.06.2026 23:47:04

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.

  • EPSS 2.17%
  • Veröffentlicht 18.12.2012 01:55:07
  • Zuletzt bearbeitet 16.06.2026 23:47:04

Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name.

Exploit
  • EPSS 1.91%
  • Veröffentlicht 05.09.2012 23:55:03
  • Zuletzt bearbeitet 16.06.2026 23:44:56

Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter.

Exploit
  • EPSS 2.49%
  • Veröffentlicht 05.09.2012 23:55:03
  • Zuletzt bearbeitet 16.06.2026 23:44:56

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/ed...

Exploit
  • EPSS 1.91%
  • Veröffentlicht 05.09.2012 23:55:03
  • Zuletzt bearbeitet 16.06.2026 23:44:56

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shar...

  • EPSS 2.18%
  • Veröffentlicht 05.09.2012 23:55:03
  • Zuletzt bearbeitet 16.06.2026 23:45:40

appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393...

  • EPSS 0.6%
  • Veröffentlicht 05.09.2012 23:55:03
  • Zuletzt bearbeitet 16.06.2026 23:45:40

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Exploit
  • EPSS 3.29%
  • Veröffentlicht 05.09.2012 23:55:02
  • Zuletzt bearbeitet 16.06.2026 23:44:55

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.

Exploit
  • EPSS 1.8%
  • Veröffentlicht 05.09.2012 23:55:02
  • Zuletzt bearbeitet 16.06.2026 23:44:55

(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.