Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud owncloud vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-49103
An issue exists in ownCloud owncloud/graphapi 0.2.x prior to 0.2.1 and 0.3.x prior to 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This...
Owncloud Graph Api 0.3.0
Owncloud Graph Api 0.2.0
3 Github repositories
1 Article
6.1
CVSSv3
CVE-2023-49104
An issue exists in ownCloud owncloud/oauth2 prior to 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an malicious user to redirect callbacks to a Top Level Domain controlled by the at...
Owncloud Oauth2
9.8
CVSSv3
CVE-2023-49105
An issue exists in ownCloud owncloud/core prior to 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when ...
Owncloud Owncloud
1 Github repository
1 Article
5.5
CVSSv3
CVE-2023-23948
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `ownclo...
Owncloud Owncloud
4.4
CVSSv3
CVE-2023-24804
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the ...
Owncloud Owncloud
5.5
CVSSv3
CVE-2016-15014
A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protect...
Cesnet Theme-cesnet
5.3
CVSSv3
CVE-2022-43679
The Docker image of ownCloud Server up to and including 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.
Owncloud Owncloud
7.5
CVSSv3
CVE-2022-31649
ownCloud owncloud/core prior to 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
Owncloud Owncloud
5.5
CVSSv3
CVE-2022-25339
ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.
Owncloud Owncloud
6.8
CVSSv3
CVE-2022-25338
ownCloud owncloud/android prior to 2.20 has Incorrect Access Control for physically proximate attackers.
Owncloud Owncloud
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »