Owncloud

Owncloud

116 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2014-2057

  • EPSS 0.26%
  • Published 24.03.2014 16:31:08
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.5

CVE-2013-0303

  • EPSS 11.28%
  • Published 24.03.2014 16:31:06
  • Last modified 12.04.2025 10:46:40

Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected v...

6.5

CVE-2013-7344

  • EPSS 0.39%
  • Published 24.03.2014 16:31:06
  • Last modified 12.04.2025 10:46:40

Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affec...

4.3

CVE-2013-0201

Exploit
  • EPSS 0.42%
  • Published 18.03.2014 17:02:50
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to ...

6.8

CVE-2013-0299

  • EPSS 0.12%
  • Published 14.03.2014 17:55:06
  • Last modified 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parame...

6.8

CVE-2013-0301

  • EPSS 0.12%
  • Published 14.03.2014 17:55:06
  • Last modified 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter.

4

CVE-2013-2039

  • EPSS 0.14%
  • Published 14.03.2014 16:55:05
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors.

3.5

CVE-2013-2040

  • EPSS 0.19%
  • Published 14.03.2014 16:55:05
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5

CVE-2013-2042

  • EPSS 0.19%
  • Published 14.03.2014 16:55:05
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBoo...

4

CVE-2013-2043

  • EPSS 0.18%
  • Published 14.03.2014 16:55:05
  • Last modified 12.04.2025 10:46:40

apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter.