Vulnerabilities > Owncloud

DATE | CVE | VULNERABILITY TITLE | RISK

2012-09-05 | CVE-2012-4390 | Information Exposure vulnerability in Owncloud | 4.0
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allow remote authenticated users to enumerate the registered users via unspecified vectors.
network, low complexity, owncloud, CWE-200

2012-09-05 | CVE-2012-4389 | Unspecified vulnerability in Owncloud | 6.8
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.
network, owncloud

2012-04-20 | CVE-2012-2398 | Cross-Site Scripting vulnerability in Owncloud 3.0.0/3.0.1/3.0.2 | 4.3
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4.
network, owncloud, CWE-79

2012-04-20 | CVE-2012-2397 | Cross-Site Request Forgery (CSRF) vulnerability in Owncloud 3.0.0/3.0.1/3.0.2 | 6.8
Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts.
network, owncloud, CWE-352

2012-04-20 | CVE-2012-2270 | Improper Input Validation vulnerability in Owncloud 3.0.0/3.0.1/3.0.2 | 5.8
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
network, owncloud, CWE-20

2012-04-20 | CVE-2012-2269 | Cross-Site Scripting vulnerability in Owncloud 3.0.0/3.0.1/3.0.2 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php.
network, owncloud, CWE-79