Filtered by vendor Owncloud
Subscribe
Total
167 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1501 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages. | |||||
CVE-2016-1498 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL. | |||||
CVE-2015-5953 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder. | |||||
CVE-2015-3013 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 6.0 MEDIUM | N/A |
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file. | |||||
CVE-2015-7298 | 2 Owncloud, Qt | 2 Owncloud Desktop Client, Qt | 2024-02-28 | 5.1 MEDIUM | N/A |
ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. | |||||
CVE-2015-5954 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 4.0 MEDIUM | N/A |
The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder. | |||||
CVE-2016-7419 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name. | |||||
CVE-2015-7698 | 1 Owncloud | 2 Owncloud, Smb | 2024-02-28 | 9.0 HIGH | N/A |
icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php. | |||||
CVE-2015-7699 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 9.0 HIGH | N/A |
The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore." | |||||
CVE-2015-4716 | 2 Microsoft, Owncloud | 2 Windows, Owncloud | 2024-02-28 | 10.0 HIGH | N/A |
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. | |||||
CVE-2015-6500 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php. | |||||
CVE-2016-1499 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 7.5 HIGH | 8.5 HIGH |
ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php. | |||||
CVE-2015-4718 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 9.0 HIGH | N/A |
The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file. | |||||
CVE-2016-1500 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 3.5 LOW | 3.1 LOW |
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share. | |||||
CVE-2015-4456 | 1 Owncloud | 1 Owncloud Desktop Client | 2024-02-28 | 2.6 LOW | N/A |
ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate. | |||||
CVE-2014-5341 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 4.3 MEDIUM | N/A |
The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2014-3838 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 4.0 MEDIUM | N/A |
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts. | |||||
CVE-2012-5057 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | |||||
CVE-2014-3832 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function. | |||||
CVE-2013-2149 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files. |