Search Results (108 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-0300 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webdavauth/settings.php.
CVE-2015-7699 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."
CVE-2012-5336 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
CVE-2013-0204 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.
CVE-2012-5056 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.
CVE-2013-0297 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.
CVE-2013-0201 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php.
CVE-2013-0304 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.
CVE-2013-2086 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file.
CVE-2014-2049 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.
CVE-2014-9047 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read arbitrary files via unknown vectors.
CVE-2014-9048 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API.
CVE-2015-3013 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file.
CVE-2015-5953 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder.
CVE-2016-1501 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages.
CVE-2013-0298 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php.
CVE-2013-2040 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-2051 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."
CVE-2013-1850 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file.
CVE-2013-0307 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.