Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / owncloud

owncloud

168 tracked vulnerabilities.

owncloud < 6.0.1 - Cross-Site Scripting

owncloud_server < 5.0.15 and 6.x < 6.0.2 - Unauthenticated File Access via Flash Cross Domain Policy

owncloud < 6.0.2 - Session Fixation via GET Request

CVE-2013-0202 MEDIUM

owncloud_server 4.0.0-4.0.10 - Cross-Site Scripting via Sharing Action Parameter

CVE-2013-0203 MEDIUM

owncloud < 4.0.10 and 4.5.0-4.5.5 - Cross-Site Scripting via Calendar Event or Bookmark URL Parameters

owncloud < 4.5.7 - Authenticated Arbitrary Calendar Read via calid Parameter

ownCloud Server <4.0.12 - Info Disclosure

ownCloud Server < 4.0.14, 4.5.x < 4.5.9, 5.0.x < 5.0.4 - Weak PostgreSQL Password Generation via Time-Based Seed

owncloud_server 4.5.x - Authenticated PHP Code Execution via Mount Point Settings

ownCloud < 4.0.12 and 4.5.x < 4.5.6 - Authenticated Remote Code Execution in core/settings.php

ownCloud < 4.0.12 and 4.5.x < 4.5.6 - Authenticated Remote Code Execution

ownCloud < 4.0.10 - Cross-Site Scripting via QUERY_STRING, mime, or token Parameter

owncloud < 4.0.12 - Cross-Site Request Forgery via Timezone Parameter

owncloud_server < 4.5.7 - Cross-Site Request Forgery via Calendar View Parameter

ownCloud < 4.0.12 and 4.5.x < 4.5.7 - Cross-Site Request Forgery via Multiple Endpoints

owncloud_server < 4.5.12 and 5.x < 5.0.7 - Cross-Site Scripting via Shared Files

owncloud < 4.0.16 and 5.0.0-5.0.7 - Authenticated Cross-Site Scripting via Shared Files

owncloud < 5.0.6 - Authenticated Remote Code Execution via File Upload

owncloud_server - Exposure of Sensitive Information via JavaScript File

owncloud < 5.0.6 - Authenticated Path Traversal via Dir Parameter

ownCloud < 5.0.6 - Authenticated Arbitrary API Command Execution

owncloud < 5.0.6 - Password Autocomplete Exposure in Login Page

owncloud < 5.0.6 - Open Redirect via Login Page redirect_url Parameter

owncloud < 4.5.11 and 5.x < 5.0.6 - Authenticated Arbitrary Calendar Download via calendar_id Parameter

ownCloud < 4.0.15, 4.5.x < 4.5.11, 5.0.x < 5.0.6 - Authenticated Cross-Site Scripting via Bookmark URL Parameter

Previous Page 5 of 7 Next

Products

owncloud 116 owncloud_server 108 owncloud_client 7 owncloud_desktop_client 5 files_antivirus 3 OwnCloud 1 file_firewall 1 graph_api 1 guests 1 oauth2 1 smb 1 user_ldap 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy