Filtered by vendor Owncloud
Subscriptions
Filtered by product Owncloud
Subscriptions
Total
117 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5336 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV. | ||||
| CVE-2013-2048 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands. | ||||
| CVE-2016-1500 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share. | ||||
| CVE-2016-1498 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL. | ||||
| CVE-2013-1893 | 1 Owncloud | 1 Owncloud | 2025-04-12 | N/A |
| SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application. | ||||
| CVE-2013-1851 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors. | ||||
| CVE-2013-2044 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | ||||
| CVE-2016-7419 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name. | ||||
| CVE-2013-0201 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php. | ||||
| CVE-2013-2085 | 1 Owncloud | 1 Owncloud | 2025-04-12 | N/A |
| Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter. | ||||
| CVE-2015-3012 | 3 Debian, Kogmbh, Owncloud | 3 Debian Linux, Webodf, Owncloud | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI. | ||||
| CVE-2015-4717 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names. | ||||
| CVE-2013-2150 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files. | ||||
| CVE-2014-2057 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-2149 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files. | ||||
| CVE-2015-4718 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file. | ||||
| CVE-2014-2049 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors. | ||||
| CVE-2013-2043 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter. | ||||
| CVE-2014-3834 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors. | ||||
| CVE-2013-2089 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data. | ||||