Vulnerabilities > Owncloud > Owncloud > 4.0.3

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-9340 Unspecified vulnerability in Owncloud
An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2.
network
low complexity
owncloud
4.0
2017-07-17 CVE-2017-9339 Unspecified vulnerability in Owncloud
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars.
network
low complexity
owncloud
5.0
2017-07-17 CVE-2017-9338 Cross-site Scripting vulnerability in Owncloud
Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2.
network
owncloud CWE-79
3.5
2017-07-17 CVE-2017-8896 Cross-site Scripting vulnerability in Owncloud
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.
network
owncloud CWE-79
4.3
2017-03-28 CVE-2016-9462 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file.
network
low complexity
nextcloud owncloud CWE-284
4.0
2017-03-28 CVE-2016-9461 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions.
network
low complexity
nextcloud owncloud CWE-284
4.0
2017-03-28 CVE-2016-9460 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app.
network
low complexity
nextcloud owncloud CWE-284
5.0
2017-03-28 CVE-2016-9459 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS.
4.3
2017-03-03 CVE-2017-5867 Resource Exhaustion vulnerability in Owncloud
ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.
network
low complexity
owncloud CWE-400
4.0
2017-03-03 CVE-2017-5866 Information Exposure vulnerability in Owncloud
The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
owncloud CWE-200
4.0