Vulnerabilities (CVE)

Vendor filter

Owncloud Subscribe

Product filter

Owncloud Subscribe

Filter

127 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-9459 2 Nextcloud, Owncloud 3 Nextcloud, Owncloud, Nextcloud Server 2019-03-12 4.3
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the...
CVE-2016-9461 2 Nextcloud, Owncloud 3 Nextcloud, Owncloud, Nextcloud Server 2019-03-12 4.0
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an...
CVE-2016-9462 2 Nextcloud, Owncloud 3 Nextcloud, Owncloud, Nextcloud Server 2019-03-12 4.0
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share....
CVE-2016-9463 2 Nextcloud, Owncloud 3 Nextcloud, Owncloud, Nextcloud Server 2019-03-12 6.8
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows...
CVE-2016-9467 2 Nextcloud, Owncloud 3 Nextcloud, Owncloud, Nextcloud Server 2019-03-12 5.0
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link...
CVE-2016-9468 2 Nextcloud, Owncloud 3 Nextcloud, Owncloud, Nextcloud Server 2019-03-12 5.0
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a...
CVE-2016-9466 2 Nextcloud, Owncloud 3 Nextcloud, Owncloud, Nextcloud Server 2019-03-12 4.3
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint...
CVE-2016-9465 2 Nextcloud, Owncloud 3 Nextcloud, Owncloud, Nextcloud Server 2019-03-12 3.5
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a...
CVE-2015-3012 3 Kogmbh, Debian, Owncloud 3 Debian Linux, Owncloud, Webodf 2019-02-11 4.3
Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI.
CVE-2015-3013 1 Owncloud 1 Owncloud 2019-02-07 6.0
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file.
CVE-2014-9716 2 Kogmbh, Owncloud 2 Owncloud, Webodf 2019-01-30 4.3
Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name.
CVE-2013-1939 2 Fruux, Owncloud 2 Owncloud, Sabredav 2018-12-06 5.0
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary...
CVE-2013-2149 1 Owncloud 1 Owncloud 2018-12-06 3.5
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.
CVE-2013-2085 1 Owncloud 1 Owncloud 2018-12-06 4.0
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter.
CVE-2016-1499 1 Owncloud 1 Owncloud 2018-10-09 7.5
ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter...
CVE-2014-2044 1 Owncloud 1 Owncloud 2018-10-09 7.5
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an...
CVE-2014-2048 1 Owncloud 1 Owncloud 2018-06-13 7.5
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.
CVE-2017-8896 1 Owncloud 2 Owncloud Server, Owncloud 2018-06-13 4.3
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.
CVE-2014-1665 1 Owncloud 1 Owncloud 2018-04-13 3.5
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
CVE-2012-2270 1 Owncloud 1 Owncloud 2018-01-04 5.8
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.