Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud owncloud vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-49104
An issue exists in ownCloud owncloud/oauth2 prior to 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an malicious user to redirect callbacks to a Top Level Domain controlled by the at...
Owncloud Oauth2
NA
CVE-2023-49103
An issue exists in ownCloud owncloud/graphapi 0.2.x prior to 0.2.1 and 0.3.x prior to 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This...
Owncloud Graph Api 0.3.0
Owncloud Graph Api 0.2.0
3 Github repositories
1 Article
NA
CVE-2023-49105
An issue exists in ownCloud owncloud/core prior to 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when ...
Owncloud Owncloud
1 Github repository
1 Article
NA
CVE-2023-24804
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the ...
Owncloud Owncloud
NA
CVE-2023-23948
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `ownclo...
Owncloud Owncloud
NA
CVE-2016-15014
A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protect...
Cesnet Theme-cesnet
NA
CVE-2022-43679
The Docker image of ownCloud Server up to and including 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.
Owncloud Owncloud
5
CVSSv2
CVE-2022-31649
ownCloud owncloud/core prior to 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
Owncloud Owncloud
2.1
CVSSv2
CVE-2022-25339
ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.
Owncloud Owncloud
4.6
CVSSv2
CVE-2022-25338
ownCloud owncloud/android prior to 2.20 has Incorrect Access Control for physically proximate attackers.
Owncloud Owncloud
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »