Total
108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9043 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind. | |||||
| CVE-2013-1963 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 4.0 MEDIUM | N/A |
| The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors. | |||||
| CVE-2013-0307 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter. | |||||
| CVE-2015-4717 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 7.8 HIGH | N/A |
| The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names. | |||||
| CVE-2016-1499 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 7.5 HIGH | 8.5 HIGH |
| ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php. | |||||
| CVE-2014-9048 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API. | |||||
| CVE-2013-2089 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 4.6 MEDIUM | N/A |
| Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data. | |||||
| CVE-2014-4929 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php. | |||||
| CVE-2013-2149 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files. | |||||
| CVE-2014-2044 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program. | |||||
| CVE-2014-2055 | 2 Fruux, Owncloud | 2 Sabredav, Owncloud Server | 2025-04-12 | 7.5 HIGH | N/A |
| SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | |||||
| CVE-2016-1500 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 3.5 LOW | 3.1 LOW |
| ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share. | |||||
| CVE-2012-5057 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | |||||
| CVE-2014-9049 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | 4.0 MEDIUM | N/A |
| The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method. | |||||
| CVE-2012-5056 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php. | |||||
| CVE-2013-0204 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | 4.6 MEDIUM | N/A |
| settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings. | |||||
| CVE-2013-2044 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | |||||
| CVE-2014-9046 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol. | |||||
| CVE-2015-4716 | 2 Microsoft, Owncloud | 3 Windows, Owncloud, Owncloud Server | 2025-04-12 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-2046 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||