Vulnerabilities > Owncloud > Owncloud > 7.0.4

DATE CVE VULNERABILITY TITLE RISK
2015-10-21 CVE-2015-4718 OS Command Injection vulnerability in Owncloud
The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.
network
low complexity
owncloud CWE-78
critical
 9.0
9.0
2015-10-21 CVE-2015-4717 Resource Management Errors vulnerability in Owncloud
The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names.
network
low complexity
owncloud CWE-399
7.8
7.8