Owncloud

Owncloud

116 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2014-9045

  • EPSS 0.7%
  • Published 04.02.2015 18:59:05
  • Last modified 12.04.2025 10:46:40

The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password.

5

CVE-2014-9043

  • EPSS 0.38%
  • Published 04.02.2015 18:59:03
  • Last modified 12.04.2025 10:46:40

The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an un...

3.5

CVE-2014-9042

  • EPSS 0.19%
  • Published 04.02.2015 18:59:02
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing ...

6.8

CVE-2014-9041

  • EPSS 0.18%
  • Published 04.02.2015 18:59:01
  • Last modified 12.04.2025 10:46:40

The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.

4.3

CVE-2014-5341

  • EPSS 0.25%
  • Published 04.02.2015 18:59:00
  • Last modified 12.04.2025 10:46:40

The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network.

7.5

CVE-2014-2044

Exploit
  • EPSS 17.81%
  • Published 06.10.2014 23:55:08
  • Last modified 12.04.2025 10:46:40

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alte...

6.8

CVE-2014-4929

  • EPSS 0.59%
  • Published 20.08.2014 14:55:06
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.

5

CVE-2013-0302

  • EPSS 0.25%
  • Published 05.06.2014 15:44:07
  • Last modified 12.04.2025 10:46:40

Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether t...

4

CVE-2013-0304

  • EPSS 0.18%
  • Published 05.06.2014 15:44:07
  • Last modified 12.04.2025 10:46:40

ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site...

4

CVE-2014-3963

  • EPSS 0.13%
  • Published 04.06.2014 14:55:07
  • Last modified 12.04.2025 10:46:40

ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors.