Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud owncloud 3.0.1 vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2012-4393
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud prior to 4.0.6 allow remote malicious users to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calen...
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.0.4
Owncloud Owncloud
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.0
356
VMScore
CVE-2012-4390
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud prior to 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.1
Owncloud Owncloud 3.0.0
Owncloud Owncloud
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.2
605
VMScore
CVE-2012-4389
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud prior to 4.0.7 allows remote malicious users to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.1
Owncloud Owncloud
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.0
605
VMScore
CVE-2012-4391
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud prior to 4.0.7 allows remote malicious users to hijack the authentication of administrators for requests that edit the app configurations.
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.5
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.0
Owncloud Owncloud
Owncloud Owncloud 4.0.4
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.1
578
VMScore
CVE-2012-5610
Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud prior to 4.0.9 and 4.5.x prior to 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name.
Owncloud Owncloud 4.0.6
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.7
Owncloud Owncloud
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.2
383
VMScore
CVE-2012-5606
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud prior to 4.0.9 and 4.5.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdpart...
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.2
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.7
Owncloud Owncloud
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.1
445
VMScore
CVE-2012-5607
The "Lost Password" reset functionality in ownCloud prior to 4.0.9 and 4.5.0 does not properly check the security token, which allows remote malicious users to change an accounts password via unspecified vectors related to a "Remote Timing Attack."
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.3
Owncloud Owncloud
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.1
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.5.0
605
VMScore
CVE-2013-0301
Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud prior to 4.0.12 allows remote malicious users to hijack the authentication of users for requests that change the timezone via the timezone parameter.
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.9
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.8
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.0
Owncloud Owncloud
Owncloud Owncloud 4.0.3
578
VMScore
CVE-2012-5609
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud prior to 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.
Owncloud Owncloud
Owncloud Owncloud 4.0.9
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.8
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.0
578
VMScore
CVE-2013-7344
Unspecified vulnerability in core/settings.php in ownCloud prior to 4.0.12 and 4.5.x prior to 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions.
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.9
Owncloud Owncloud 3.0.1
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.5.4
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.1
Owncloud Owncloud
Owncloud Owncloud 4.0.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »