Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud owncloud vulnerabilities and exploits
(subscribe to this query)
5.7
CVSSv3
CVE-2020-36252
ownCloud Server 10.x prior to 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
Owncloud Owncloud
5.7
CVSSv3
CVE-2020-16144
When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affe...
Owncloud Files Antivirus
5.5
CVSSv3
CVE-2023-23948
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `ownclo...
Owncloud Owncloud
5.5
CVSSv3
CVE-2016-15014
A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protect...
Cesnet Theme-cesnet
5.5
CVSSv3
CVE-2022-25339
ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.
Owncloud Owncloud
5.4
CVSSv3
CVE-2021-35948
Session fixation on password protected public links in the ownCloud Server prior to 10.8.0 allows an malicious user to bypass the password protection when they can force a target client to use a controlled cookie.
Owncloud Owncloud
5.4
CVSSv3
CVE-2013-0203
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/a...
Owncloud Owncloud
5.4
CVSSv3
CVE-2014-1665
Cross-site scripting (XSS) vulnerability in ownCloud prior to 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
Owncloud Owncloud
1 EDB exploit
5.4
CVSSv3
CVE-2017-9338
Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server prior to 8.2.12, 9.0.x prior to 9.0.10, 9.1.x prior to 9.1.6, and 10.0.x prior to 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue.
Owncloud Owncloud
5.4
CVSSv3
CVE-2017-0891
Nextcloud Server prior to 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.
Nextcloud Nextcloud Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »