Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud owncloud vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2016-9465
Nextcloud Server prior to 10.0.1 & ownCloud Server prior to 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing a...
Owncloud Owncloud
Nextcloud Nextcloud Server
5.4
CVSSv3
CVE-2016-7419
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server prior to 9.0.4 and Nextcloud Server prior to 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.
Nextcloud Nextcloud Server
Owncloud Owncloud
5.3
CVSSv3
CVE-2022-43679
The Docker image of ownCloud Server up to and including 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.
Owncloud Owncloud
5.3
CVSSv3
CVE-2021-35947
The public share controller in the ownCloud server before version 10.8.0 allows a remote malicious user to see the internal path and the username of a public share by including invalid characters in the URL.
Owncloud Owncloud
5.3
CVSSv3
CVE-2021-35949
The shareinfo controller in the ownCloud Server prior to 10.8.0 allows an malicious user to bypass the permission checks for upload only shares and list metadata about the share.
Owncloud Owncloud
5.3
CVSSv3
CVE-2017-9339
A logical error in ownCloud Server prior to 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
Owncloud Owncloud
5.3
CVSSv3
CVE-2016-9460
Nextcloud Server prior to 9.0.52 & ownCloud Server prior to 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and...
Nextcloud Nextcloud
Owncloud Owncloud
5.3
CVSSv3
CVE-2016-9467
Nextcloud Server prior to 9.0.54 and 10.0.1 & ownCloud Server prior to 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structu...
Owncloud Owncloud
Nextcloud Nextcloud Server
5.3
CVSSv3
CVE-2016-9468
Nextcloud Server prior to 9.0.54 and 10.0.1 & ownCloud Server prior to 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of inf...
Owncloud Owncloud
Nextcloud Nextcloud Server
4.9
CVSSv3
CVE-2015-4715
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server prior to 6.0.8, 7.x prior to 7.0.6, and 8.x prior to 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) cha...
Owncloud Owncloud
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »