Vulnerabilities > Owncloud > Owncloud

DATE CVE VULNERABILITY TITLE RISK
2014-03-14 CVE-2013-1850 Code Injection vulnerability in Owncloud
Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file.
network
low complexity
owncloud CWE-94
6.5
6.5
2014-03-14 CVE-2013-1822 Cross-Site Scripting vulnerability in Owncloud
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin privileges to inject arbitrary web script or HTML via the (2) group field to settings.php or (3) "share with" field.
network
high complexity
owncloud CWE-79
2.1
2.1
2014-03-14 CVE-2013-0307 Cross-Site Scripting vulnerability in Owncloud
Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.
network
owncloud CWE-79
3.5
3.5
2014-03-14 CVE-2013-0298 Cross-Site Scripting vulnerability in Owncloud
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php.
network
owncloud CWE-79
4.3
4.3
2014-03-14 CVE-2013-0297 Cross-Site Scripting vulnerability in Owncloud
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.
network
owncloud CWE-79
3.5
3.5
2014-03-09 CVE-2013-2046 SQL Injection vulnerability in Owncloud
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
owncloud CWE-89
6.5
6.5
2014-03-09 CVE-2013-2045 SQL Injection vulnerability in Owncloud
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
owncloud CWE-89
6.5
6.5
2014-03-09 CVE-2013-1893 SQL Injection vulnerability in Owncloud
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.
network
low complexity
owncloud CWE-89
6.5
6.5
2014-03-09 CVE-2013-1890 Cross-Site Scripting vulnerability in Owncloud
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/.
network
owncloud CWE-79
4.3
4.3
2014-02-05 CVE-2013-1967 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter. 		4.3
4.3