| CVE-2013-0297 | low | — | 3.5 | | | owncloud | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_… |
| CVE-2013-2046 | medium | — | 6.5 | | | owncloud | 12y ago | SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vector… |
| CVE-2013-2045 | medium | — | 6.5 | | | owncloud | 12y ago | SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-1893 | medium | — | 6.5 | | | owncloud | 12y ago | SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the cont… |
| CVE-2013-1890 | medium | — | 4.3 | | | owncloud | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax… |
| CVE-2013-1967 | medium | — | 4.3 | | | mediaelementjs, owncloud | 13y ago | Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to i… |
| CVE-2013-6403 | medium | — | 6.8 | | | owncloud | 13y ago | The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB. |
| CVE-2013-1942 | medium | — | 5.3 | EXP | | happyworm, owncloud | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other pro… |
| CVE-2012-5666 | medium | — | 4.3 | | | owncloud | 14y ago | Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PAT… |
| CVE-2012-5665 | medium | — | 4.3 | | | owncloud | 14y ago | ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by edi… |
| CVE-2012-5610 | medium | — | 6.5 | | | owncloud | 14y ago | Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a spe… |
| CVE-2012-5609 | medium | — | 6.5 | | | owncloud | 14y ago | Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. |
| CVE-2012-5608 | medium | — | 4.3 | | | owncloud | 14y ago | Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST paramete… |
| CVE-2012-5607 | medium | — | 5.0 | | | owncloud | 14y ago | The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an account's password via unspecified vec… |
| CVE-2012-5606 | medium | — | 4.3 | | | owncloud | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/ve… |
| CVE-2012-4753 | medium | — | 6.8 | | | owncloud | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2012-4752 | medium | — | 5.0 | | | owncloud | 14y ago | appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by u… |
| CVE-2012-4397 | medium | — | 4.3 | | | owncloud | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowf… |
| CVE-2012-4396 | medium | — | 4.3 | | | owncloud | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) u… |
| CVE-2012-4395 | medium | — | 4.3 | | | owncloud | 14y ago | Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter. |
| CVE-2012-4394 | medium | — | 4.3 | | | owncloud | 14y ago | Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. |
| CVE-2012-4393 | medium | — | 6.8 | | | owncloud | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (… |
| CVE-2012-4392 | high | — | 7.5 | | | owncloud | 14y ago | index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. |
| CVE-2012-4391 | medium | — | 6.8 | | | owncloud | 14y ago | Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the a… |
| CVE-2012-4390 | medium | — | 4.0 | | | owncloud | 14y ago | (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allow remote authenticated users to enumerate the registered users via unspecified vectors. |
| CVE-2012-4389 | medium | — | 6.8 | | | owncloud | 14y ago | Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and access… |
| CVE-2012-2398 | medium | — | 4.3 | | | owncloud | 14y ago | Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulner… |
| CVE-2012-2397 | medium | — | 6.8 | | | owncloud | 14y ago | Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) se… |
| CVE-2012-2270 | medium | — | 6.8 | EXP | | owncloud | 14y ago | Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r… |
| CVE-2012-2269 | medium | — | 4.3 | | | owncloud | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php… |