Vulnerabilities > Owncloud

DATE CVE VULNERABILITY TITLE RISK
2021-02-19 CVE-2020-10252 Server-Side Request Forgery (SSRF) vulnerability in Owncloud
An issue was discovered in ownCloud before 10.4.
network
low complexity
owncloud CWE-918
6.5
2021-02-09 CVE-2020-28645 Improper Input Validation vulnerability in Owncloud
Deleting users with certain names caused system files to be deleted.
network
low complexity
owncloud CWE-20
5.0
2021-02-09 CVE-2020-28644 Cross-Site Request Forgery (CSRF) vulnerability in Owncloud
The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints.
network
owncloud CWE-352
4.3
2021-02-09 CVE-2020-16144 Incorrect Default Permissions vulnerability in Owncloud Files Antivirus
When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues.
network
owncloud CWE-276
3.5
2021-01-15 CVE-2020-16255 Cross-site Scripting vulnerability in Owncloud
ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'
network
owncloud CWE-79
4.3
2020-02-17 CVE-2015-4715 Files or Directories Accessible to External Parties vulnerability in Owncloud
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
network
low complexity
owncloud CWE-552
4.0
2020-02-11 CVE-2014-2052 XXE vulnerability in Owncloud
Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
network
low complexity
owncloud CWE-611
7.5
2020-01-23 CVE-2014-2050 Cross-Site Request Forgery (CSRF) vulnerability in Owncloud
Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header.
network
owncloud CWE-352
4.3
2019-12-17 CVE-2013-0202 Cross-site Scripting vulnerability in Owncloud
Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.
network
owncloud CWE-79
4.3
2019-11-22 CVE-2013-0203 Cross-site Scripting vulnerability in Owncloud
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php.
network
owncloud CWE-79
3.5