VIR Vulnerability Intelligence Relay

Search

Found 17 results in 59ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-9463 high 8.1 8.1 nextcloudowncloud 9y ago Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enable…
CVE-2016-7102 high 8.4 8.4 owncloud 10y ago ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.
CVE-2016-1499 high 8.5 8.5 owncloud 11y ago ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of serv…
CVE-2015-7699 critical 9.0 owncloud 11y ago The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary co…
CVE-2015-6500 high 7.5 owncloud 11y ago Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consu…
CVE-2015-7698 critical 9.0 owncloud 11y ago icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) …
CVE-2015-4718 critical 9.0 owncloud 11y ago The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) cha…
CVE-2015-4717 high 7.8 owncloud 11y ago The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote …
CVE-2015-4716 critical 10.0 owncloud 11y ago Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or exe…
CVE-2014-2044 high 8.5 EXP owncloud 12y ago Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbi…
CVE-2014-2051 high 7.5 owncloud 12y ago ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."
CVE-2014-3834 high 7.5 owncloud 12y ago ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspec…
CVE-2014-2056 high 7.5 owncloudphpdocx 12y ago PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External…
CVE-2014-2055 high 7.5 FIX debian debian fruuxowncloud 12y ago XXE in SabreDAV
CVE-2014-2054 high 7.5 owncloudphpexcel_project 12y ago PHPExcel vulnerable to XXE attacks through libxml
CVE-2014-2053 high 7.5 FIX debian debian getid3owncloud 12y ago getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via a…
CVE-2012-4392 high 7.5 owncloud 14y ago index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.