owncloud

168 tracked vulnerabilities.

CVE-2013-2041
owncloud_server 5.0.x - Authenticated Cross-Site Scripting via Tag or Dir Parameter
Mar 14, 2014
EPSS 0.00
CVE-2013-2040
ownCloud < 4.0.15, 4.5.x < 4.5.11, 5.0.x < 5.0.6 - Authenticated Cross-Site Scripting
Mar 14, 2014
EPSS 0.00
CVE-2013-2039
ownCloud < 4.0.15, 4.5.x < 4.5.11, 5.x < 5.0.6 - Authenticated Path Traversal
Mar 14, 2014
EPSS 0.00
CVE-2013-1963
owncloud < 4.5.10 and 5.x < 5.0.5 - Authenticated Unauthorized Contact Download
Mar 14, 2014
EPSS 0.00
CVE-2013-1939
SabreDAV 1.6.0-1.6.8, 1.7.0-1.7.6 - Path Traversal via Backslash Character
Mar 14, 2014
EPSS 0.00
CVE-2013-1851
ownCloud < 4.0.13 and 4.5.x < 4.5.8 - Authenticated Arbitrary File Import via User Migration
Mar 14, 2014
EPSS 0.00
CVE-2013-1850
owncloud_server < 4.0.13 and 4.5.x < 4.5.8 - Authenticated PHP Code Execution via .htaccess Upload
Mar 14, 2014
EPSS 0.01
CVE-2013-1822
owncloud_server - Authenticated Stored Cross-Site Scripting via Quota Parameter or Group Field
Mar 14, 2014
EPSS 0.00
CVE-2013-0307
ownCloud < 4.0.12 and 4.5.x < 4.5.7 - Authenticated Cross-Site Scripting via Group Input Field
Mar 14, 2014
EPSS 0.00
CVE-2013-0298
owncloud_server < 4.5.7 - Cross-Site Scripting via iCalendar File or PDF Viewer Parameters
Mar 14, 2014
EPSS 0.00
CVE-2013-0297
owncloud_server < 4.0.12 and 4.5.x < 4.5.7 - Authenticated Cross-Site Scripting via Site Name or URL Parameter
Mar 14, 2014
EPSS 0.00
CVE-2013-2046
owncloud_server 4.5.x-5.x - Authenticated SQL Injection
Mar 09, 2014
EPSS 0.00
CVE-2013-2045
owncloud_server 5.0.x - Authenticated SQL Injection
Mar 09, 2014
EPSS 0.00
CVE-2013-1893
owncloud < 5.0.0 - Authenticated SQL Injection in Contacts Application
Mar 09, 2014
EPSS 0.00
CVE-2013-1890
owncloud < 5.0.0 - Cross-Site Scripting via Bookmarks Rename Tag Parameter
Mar 09, 2014
EPSS 0.00
CVE-2013-1967
mediaelement.js < 2.11.2 - Cross-Site Scripting via flashmediaelement.swf File Parameter
Feb 05, 2014
EPSS 0.01
CVE-2013-6403
owncloud < 5.0.13 - Unauthenticated Access Restriction Bypass
Dec 24, 2013
EPSS 0.00
CVE-2013-1942
jPlayer < 2.2.20 - Cross-Site Scripting via jQuery or id Parameters
Aug 15, 2013
EPSS 0.09
CVE-2012-5336
owncloud < 4.0.8 - Authenticated Arbitrary File Read via WebDAV
Jun 04, 2014
EPSS 0.00
CVE-2012-5057
ownCloud Server <4.0.8 - Code Injection
Jun 04, 2014
EPSS 0.00
CVE-2012-5056
owncloud < 4.0.8 - Cross-Site Scripting via Multiple Parameters
Jun 04, 2014
EPSS 0.00
CVE-2012-5666
owncloud_server 4.0.x-4.0.10 and 4.5.x-4.5.5 - Cross-Site Scripting via PATH_INFO to Bookmark Index
Jan 03, 2013
EPSS 0.00
CVE-2012-5665
ownCloud <4.0.10-4.5.5 - Info Disclosure
Jan 03, 2013
EPSS 0.00
CVE-2012-5610
owncloud < 4.0.9 and 4.5.x < 4.5.2 - Authenticated Remote Code Execution via Crafted Filename
Dec 18, 2012
EPSS 0.01
CVE-2012-5609
owncloud < 4.5.2 - Authenticated Remote Code Execution via ZIP File Upload
Dec 18, 2012
EPSS 0.01
Products
owncloud 116 owncloud_server 108 owncloud_client 7 owncloud_desktop_client 5 files_antivirus 3 OwnCloud 1 file_firewall 1 graph_api 1 guests 1 oauth2 1 smb 1 user_ldap 1
Quick Filters
Critical CVEs With Exploits In CISA KEV