CVE-2013-1851
- EPSS 0.17%
- Published 14.03.2014 16:55:04
- Last modified 12.04.2025 10:46:40
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified ve...
- EPSS 0.18%
- Published 14.03.2014 16:55:04
- Last modified 12.04.2025 10:46:40
The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.
CVE-2013-0297
- EPSS 0.19%
- Published 14.03.2014 15:55:05
- Last modified 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/aja...
CVE-2013-0307
- EPSS 0.28%
- Published 14.03.2014 15:55:05
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.
CVE-2013-1890
- EPSS 0.3%
- Published 09.03.2014 13:16:56
- Last modified 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified paramete...
CVE-2013-1893
- EPSS 0.35%
- Published 09.03.2014 13:16:56
- Last modified 12.04.2025 10:46:40
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.
CVE-2013-6403
- EPSS 0.35%
- Published 24.12.2013 18:55:20
- Last modified 11.04.2025 00:51:21
The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.
CVE-2013-1942
- EPSS 8.8%
- Published 15.08.2013 17:55:24
- Last modified 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary w...
CVE-2012-5606
- EPSS 0.44%
- Published 18.12.2012 01:55:07
- Last modified 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) ...
- EPSS 0.38%
- Published 18.12.2012 01:55:07
- Last modified 11.04.2025 00:51:21
The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an account's password via unspecified vectors related to a "Remote Timing Attack."