Filtered by vendor Owncloud
Subscriptions
Filtered by product Owncloud
Subscriptions
Total
119 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3963 | 1 Owncloud | 1 Owncloud | 2025-04-12 | N/A |
| ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors. | ||||
| CVE-2014-5341 | 1 Owncloud | 1 Owncloud | 2025-04-12 | N/A |
| The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2014-9042 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041. | ||||
| CVE-2014-9043 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind. | ||||
| CVE-2014-9045 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password. | ||||
| CVE-2014-9046 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol. | ||||
| CVE-2014-9047 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read arbitrary files via unknown vectors. | ||||
| CVE-2014-9048 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API. | ||||
| CVE-2015-3012 | 3 Debian, Kogmbh, Owncloud | 3 Debian Linux, Webodf, Owncloud | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI. | ||||
| CVE-2015-4717 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names. | ||||
| CVE-2015-4718 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file. | ||||
| CVE-2015-5953 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder. | ||||
| CVE-2013-0303 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered by CVE-2013-7344. | ||||
| CVE-2013-2040 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-2047 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password. | ||||
| CVE-2013-2150 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files. | ||||
| CVE-2015-3011 | 2 Debian, Owncloud | 2 Debian Linux, Owncloud | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact. | ||||
| CVE-2014-9041 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks. | ||||
| CVE-2014-2044 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program. | ||||
| CVE-2014-2047 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors. | ||||