Owncloud

Owncloud

116 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2016-9463

Exploit
  • EPSS 3.86%
  • Published 28.03.2017 02:59:00
  • Last modified 20.04.2025 01:37:25

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenti...

4.3

CVE-2017-5865

  • EPSS 0.2%
  • Published 03.03.2017 15:59:01
  • Last modified 20.04.2025 01:37:25

The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate us...

4.3

CVE-2017-5866

  • EPSS 0.15%
  • Published 03.03.2017 15:59:01
  • Last modified 20.04.2025 01:37:25

The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors.

6.5

CVE-2017-5867

  • EPSS 0.6%
  • Published 03.03.2017 15:59:01
  • Last modified 20.04.2025 01:37:25

ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.

5.9

CVE-2016-5876

  • EPSS 0.3%
  • Published 23.01.2017 21:59:01
  • Last modified 20.04.2025 01:37:25

ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request.

5.4

CVE-2016-7419

Exploit
  • EPSS 0.2%
  • Published 17.09.2016 21:59:11
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.

4.3

CVE-2016-1501

  • EPSS 0.11%
  • Published 08.01.2016 21:59:09
  • Last modified 12.04.2025 10:46:40

ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages.

3.5

CVE-2016-1500

  • EPSS 0.29%
  • Published 08.01.2016 21:59:08
  • Last modified 12.04.2025 10:46:40

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the...

8.5

CVE-2016-1499

Exploit
  • EPSS 0.59%
  • Published 08.01.2016 21:59:07
  • Last modified 12.04.2025 10:46:40

ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to in...

6.1

CVE-2016-1498

  • EPSS 0.25%
  • Published 08.01.2016 21:59:06
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unsp...