Owncloud

Owncloud Server

108 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2014-2044

Exploit
  • EPSS 17.81%
  • Published 06.10.2014 23:55:08
  • Last modified 12.04.2025 10:46:40

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alte...

6.8

CVE-2014-4929

  • EPSS 0.59%
  • Published 20.08.2014 14:55:06
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.

5

CVE-2013-0302

  • EPSS 0.25%
  • Published 05.06.2014 15:44:07
  • Last modified 12.04.2025 10:46:40

Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether t...

4

CVE-2013-0304

  • EPSS 0.18%
  • Published 05.06.2014 15:44:07
  • Last modified 12.04.2025 10:46:40

ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site...

7.5

CVE-2014-2051

  • EPSS 0.57%
  • Published 05.06.2014 15:44:07
  • Last modified 12.04.2025 10:46:40

ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."

7.5

CVE-2014-2055

  • EPSS 0.54%
  • Published 04.06.2014 14:55:04
  • Last modified 12.04.2025 10:46:40

SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

7.5

CVE-2014-2056

  • EPSS 0.54%
  • Published 04.06.2014 14:55:04
  • Last modified 12.04.2025 10:46:40

PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

4.3

CVE-2014-3832

  • EPSS 0.26%
  • Published 04.06.2014 14:55:04
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.

4.3

CVE-2014-3833

  • EPSS 0.26%
  • Published 04.06.2014 14:55:04
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly rela...

7.5

CVE-2014-3834

  • EPSS 0.3%
  • Published 04.06.2014 14:55:04
  • Last modified 12.04.2025 10:46:40

ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.