Vulnerabilities > Owncloud

DATE CVE VULNERABILITY TITLE RISK
2020-02-17 CVE-2015-4715 Files or Directories Accessible to External Parties vulnerability in Owncloud
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
network
low complexity
owncloud CWE-552
4.9
2020-02-11 CVE-2014-2052 XXE vulnerability in Owncloud
Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
network
low complexity
owncloud CWE-611
critical
9.8
2020-01-23 CVE-2014-2050 Cross-Site Request Forgery (CSRF) vulnerability in Owncloud
Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header.
network
low complexity
owncloud CWE-352
6.5
2019-12-17 CVE-2013-0202 Cross-site Scripting vulnerability in Owncloud
Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.
network
low complexity
owncloud CWE-79
6.1
2019-11-22 CVE-2013-0203 Cross-site Scripting vulnerability in Owncloud
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php.
network
low complexity
owncloud CWE-79
5.4
2018-03-26 CVE-2014-2048 Improper Access Control vulnerability in Owncloud
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.
network
low complexity
owncloud CWE-284
critical
9.8
2018-03-20 CVE-2014-1665 Cross-site Scripting vulnerability in Owncloud
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
network
low complexity
owncloud CWE-79
5.4
2017-07-17 CVE-2017-9340 Unspecified vulnerability in Owncloud
An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2.
network
low complexity
owncloud
6.5
2017-07-17 CVE-2017-9339 Unspecified vulnerability in Owncloud
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars.
network
low complexity
owncloud
5.3
2017-07-17 CVE-2017-9338 Cross-site Scripting vulnerability in Owncloud
Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2.
network
low complexity
owncloud CWE-79
5.4