Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud owncloud 3.0.2 vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2012-5610
Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud prior to 4.0.9 and 4.5.x prior to 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name.
Owncloud Owncloud 4.0.6
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.7
Owncloud Owncloud
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.2
383
VMScore
CVE-2012-5606
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud prior to 4.0.9 and 4.5.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdpart...
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.2
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.7
Owncloud Owncloud
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.1
445
VMScore
CVE-2012-5607
The "Lost Password" reset functionality in ownCloud prior to 4.0.9 and 4.5.0 does not properly check the security token, which allows remote malicious users to change an accounts password via unspecified vectors related to a "Remote Timing Attack."
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.3
Owncloud Owncloud
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.1
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.5.0
605
VMScore
CVE-2013-0301
Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud prior to 4.0.12 allows remote malicious users to hijack the authentication of users for requests that change the timezone via the timezone parameter.
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.9
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.8
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.0
Owncloud Owncloud
Owncloud Owncloud 4.0.3
578
VMScore
CVE-2012-5609
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud prior to 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.
Owncloud Owncloud
Owncloud Owncloud 4.0.9
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.8
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.0
578
VMScore
CVE-2013-7344
Unspecified vulnerability in core/settings.php in ownCloud prior to 4.0.12 and 4.5.x prior to 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions.
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.9
Owncloud Owncloud 3.0.1
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.5.4
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.1
Owncloud Owncloud
Owncloud Owncloud 4.0.8
312
VMScore
CVE-2013-0307
Cross-site scripting (XSS) vulnerability in settings.php in ownCloud prior to 4.0.12 and 4.5.x prior to 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.
Owncloud Owncloud 3.0.0
Owncloud Owncloud
Owncloud Owncloud 4.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.8
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.9
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.6
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.5.5
605
VMScore
CVE-2013-0299
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud prior to 4.0.12 and 4.5.x prior to 4.5.7 allow remote malicious users to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calenda...
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.9
Owncloud Owncloud 3.0.0
Owncloud Owncloud 3.0.1
Owncloud Owncloud 3.0.2
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.5
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.1
Owncloud Owncloud
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.8
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.5.4
312
VMScore
CVE-2013-0297
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud prior to 4.0.12 and 4.5.x prior to 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.6
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.5.0
Owncloud Owncloud 3.0.0
Owncloud Owncloud
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.8
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.10
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.4
312
VMScore
CVE-2013-1851
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud prior to 4.0.13 and 4.5.x prior to 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors.
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.10
Owncloud Owncloud 3.0.1
Owncloud Owncloud
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.8
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.7
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.11
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.9
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.5.6
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »