Vulnerabilities > Owncloud > Owncloud > 7.0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-10-21 | CVE-2015-4718 | OS Command Injection vulnerability in Owncloud The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file. | 9.0 |
2015-10-21 | CVE-2015-4717 | Resource Management Errors vulnerability in Owncloud The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names. | 7.8 |