Vulnerabilities > Owncloud > Owncloud Server

DATE CVE VULNERABILITY TITLE RISK
2021-05-20 CVE-2021-29659 Unspecified vulnerability in Owncloud Server 10.7.0
ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure.
network
low complexity
owncloud
6.5
2021-02-19 CVE-2020-36252 Use of Insufficiently Random Values vulnerability in Owncloud Server
ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
low complexity
owncloud CWE-330
5.7
2020-02-17 CVE-2015-4715 Files or Directories Accessible to External Parties vulnerability in Owncloud
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
network
low complexity
owncloud CWE-552
4.9
2020-02-11 CVE-2014-2052 XXE vulnerability in Owncloud
Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
network
low complexity
owncloud CWE-611
critical
9.8
2020-01-23 CVE-2014-2050 Cross-Site Request Forgery (CSRF) vulnerability in Owncloud
Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header.
network
low complexity
owncloud CWE-352
6.5
2019-12-17 CVE-2013-0202 Cross-site Scripting vulnerability in Owncloud Server
Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.
network
low complexity
owncloud CWE-79
6.1
2019-11-22 CVE-2013-0203 Cross-site Scripting vulnerability in Owncloud
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php.
network
low complexity
owncloud CWE-79
5.4
2016-01-08 CVE-2016-1501 Information Exposure vulnerability in Owncloud
ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages.
network
low complexity
owncloud CWE-200
4.3
2016-01-08 CVE-2016-1500 Information Exposure vulnerability in Owncloud
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.
network
high complexity
owncloud CWE-200
3.1
2016-01-08 CVE-2016-1499 Resource Management Errors vulnerability in Owncloud
ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php.
network
low complexity
owncloud CWE-399
8.5