Owncloud

Owncloud

116 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2014-2057

  • EPSS 0.26%
  • Veröffentlicht 24.03.2014 16:31:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.5

CVE-2013-0303

  • EPSS 11.28%
  • Veröffentlicht 24.03.2014 16:31:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected v...

6.5

CVE-2013-7344

  • EPSS 0.39%
  • Veröffentlicht 24.03.2014 16:31:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affec...

4.3

CVE-2013-0201

Exploit
  • EPSS 0.42%
  • Veröffentlicht 18.03.2014 17:02:50
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to ...

6.8

CVE-2013-0299

  • EPSS 0.12%
  • Veröffentlicht 14.03.2014 17:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parame...

6.8

CVE-2013-0301

  • EPSS 0.12%
  • Veröffentlicht 14.03.2014 17:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter.

4

CVE-2013-2039

  • EPSS 0.14%
  • Veröffentlicht 14.03.2014 16:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors.

3.5

CVE-2013-2040

  • EPSS 0.19%
  • Veröffentlicht 14.03.2014 16:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5

CVE-2013-2042

  • EPSS 0.19%
  • Veröffentlicht 14.03.2014 16:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBoo...

4

CVE-2013-2043

  • EPSS 0.18%
  • Veröffentlicht 14.03.2014 16:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter.