Total
117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43679 | 1 Owncloud | 1 Owncloud | 2025-05-01 | N/A | 5.3 MEDIUM |
| The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages. | |||||
| CVE-2015-4715 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 4.0 MEDIUM | 4.9 MEDIUM |
| The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values. | |||||
| CVE-2013-2044 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | |||||
| CVE-2012-4391 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. | |||||
| CVE-2014-2052 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 7.5 HIGH | 9.8 CRITICAL |
| Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | |||||
| CVE-2012-2270 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | |||||
| CVE-2012-5607 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 5.0 MEDIUM | N/A |
| The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack." | |||||
| CVE-2013-6403 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.8 MEDIUM | N/A |
| The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB. | |||||
| CVE-2013-1941 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 5.0 MEDIUM | N/A |
| The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack. | |||||
| CVE-2016-1499 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 7.5 HIGH | 8.5 HIGH |
| ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php. | |||||
| CVE-2014-9043 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 5.0 MEDIUM | N/A |
| The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind. | |||||
| CVE-2012-4389 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. | |||||
| CVE-2013-0297 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php. | |||||
| CVE-2014-2050 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header. | |||||
| CVE-2014-3836 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors. | |||||
| CVE-2014-3835 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 5.5 MEDIUM | N/A |
| ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors. | |||||
| CVE-2014-9041 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.8 MEDIUM | N/A |
| The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks. | |||||
| CVE-2013-7344 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions. | |||||
| CVE-2013-0304 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 4.0 MEDIUM | N/A |
| ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is. | |||||
| CVE-2013-0303 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered by CVE-2013-7344. | |||||