Owncloud

Owncloud

116 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2013-1851

  • EPSS 0.17%
  • Veröffentlicht 14.03.2014 16:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified ve...

4

CVE-2013-1963

  • EPSS 0.18%
  • Veröffentlicht 14.03.2014 16:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.

3.5

CVE-2013-0297

  • EPSS 0.19%
  • Veröffentlicht 14.03.2014 15:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/aja...

3.5

CVE-2013-0307

  • EPSS 0.28%
  • Veröffentlicht 14.03.2014 15:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.

4.3

CVE-2013-1890

  • EPSS 0.3%
  • Veröffentlicht 09.03.2014 13:16:56
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified paramete...

6.5

CVE-2013-1893

  • EPSS 0.35%
  • Veröffentlicht 09.03.2014 13:16:56
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.

6.8

CVE-2013-6403

  • EPSS 0.35%
  • Veröffentlicht 24.12.2013 18:55:20
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.

4.3

CVE-2013-1942

Exploit
  • EPSS 8.8%
  • Veröffentlicht 15.08.2013 17:55:24
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary w...

4.3

CVE-2012-5606

  • EPSS 0.44%
  • Veröffentlicht 18.12.2012 01:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) ...

5

CVE-2012-5607

  • EPSS 0.38%
  • Veröffentlicht 18.12.2012 01:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."