Vulnerabilities > Owncloud > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-21 | CVE-2023-49105 | Improper Authentication vulnerability in Owncloud An issue was discovered in ownCloud owncloud/core before 10.13.1. | 9.8 |
2022-01-15 | CVE-2021-33827 | OS Command Injection vulnerability in Owncloud Files Antivirus The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings. | 9.0 |
2015-10-26 | CVE-2015-7699 | Improper Input Validation vulnerability in Owncloud The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore." | 9.0 |
2015-10-21 | CVE-2015-7698 | OS Command Injection vulnerability in Owncloud and SMB icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php. | 9.0 |
2015-10-21 | CVE-2015-4718 | OS Command Injection vulnerability in Owncloud The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file. | 9.0 |
2015-10-21 | CVE-2015-4716 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. | 10.0 |