Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud owncloud vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-9467
Nextcloud Server prior to 9.0.54 and 10.0.1 & ownCloud Server prior to 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structu...
Owncloud Owncloud
Nextcloud Nextcloud Server
5
CVSSv2
CVE-2016-9468
Nextcloud Server prior to 9.0.54 and 10.0.1 & ownCloud Server prior to 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of inf...
Owncloud Owncloud
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2017-5867
ownCloud Server prior to 8.1.11, 8.2.x prior to 8.2.9, 9.0.x prior to 9.0.7, and 9.1.x prior to 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.
Owncloud Owncloud 9.0.0
Owncloud Owncloud 9.0.1
Owncloud Owncloud 9.0.2
Owncloud Owncloud
Owncloud Owncloud 9.0.3
Owncloud Owncloud 9.1.2
Owncloud Owncloud 9.0.5
Owncloud Owncloud 8.2.5
Owncloud Owncloud 8.2.3
Owncloud Owncloud 9.1.0
Owncloud Owncloud 9.1.1
Owncloud Owncloud 8.2.6
Owncloud Owncloud 8.2.7
Owncloud Owncloud 8.2.8
Owncloud Owncloud 8.2.0
Owncloud Owncloud 9.0.4
Owncloud Owncloud 9.0.6
Owncloud Owncloud 8.2.2
Owncloud Owncloud 8.2.4
Owncloud Owncloud 8.2.1
4.3
CVSSv2
CVE-2017-5865
The password reset functionality in ownCloud Server prior to 8.1.11, 8.2.x prior to 8.2.9, 9.0.x prior to 9.0.7, and 9.1.x prior to 9.1.3 sends different error messages depending on whether the username is valid, which allows remote malicious users to enumerate user names via a l...
Owncloud Owncloud 9.0.2
Owncloud Owncloud 9.0.3
Owncloud Owncloud 9.0.4
Owncloud Owncloud 9.0.5
Owncloud Owncloud 9.1.1
Owncloud Owncloud 9.0.0
Owncloud Owncloud 8.2.2
Owncloud Owncloud 8.2.4
Owncloud Owncloud 9.1.0
Owncloud Owncloud 8.2.5
Owncloud Owncloud 8.2.6
Owncloud Owncloud 8.2.7
Owncloud Owncloud 8.2.8
Owncloud Owncloud
Owncloud Owncloud 9.1.2
Owncloud Owncloud 9.0.1
Owncloud Owncloud 9.0.6
Owncloud Owncloud 8.2.3
4
CVSSv2
CVE-2017-5866
The autocomplete feature in the E-Mail share dialog in ownCloud Server prior to 8.1.11, 8.2.x prior to 8.2.9, 9.0.x prior to 9.0.7, and 9.1.x prior to 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors.
Owncloud Owncloud 9.0.6
Owncloud Owncloud 8.2.5
Owncloud Owncloud 8.2.2
Owncloud Owncloud 8.2.3
Owncloud Owncloud 9.0.0
Owncloud Owncloud 9.1.1
Owncloud Owncloud 9.0.5
Owncloud Owncloud 8.2.4
Owncloud Owncloud 8.2.7
Owncloud Owncloud 9.0.2
Owncloud Owncloud
Owncloud Owncloud 9.0.3
Owncloud Owncloud 9.0.4
Owncloud Owncloud 8.2.0
Owncloud Owncloud 8.2.1
Owncloud Owncloud 9.0.1
Owncloud Owncloud 9.1.0
Owncloud Owncloud 9.1.2
Owncloud Owncloud 8.2.6
Owncloud Owncloud 8.2.8
4.6
CVSSv2
CVE-2016-7102
ownCloud Desktop prior to 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.
Owncloud Owncloud Desktop Client
4.3
CVSSv2
CVE-2016-5876
ownCloud server prior to 8.2.6 and 9.x prior to 9.0.3, when the gallery app is enabled, allows remote malicious users to download arbitrary images via a direct request.
Owncloud Owncloud 9.0.1
Owncloud Owncloud 9.0.0
Owncloud Owncloud 9.0.2
Owncloud Owncloud
3.5
CVSSv2
CVE-2016-7419
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server prior to 9.0.4 and Nextcloud Server prior to 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.
Nextcloud Nextcloud Server
Owncloud Owncloud
4.3
CVSSv2
CVE-2016-1498
Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server prior to 7.0.12, 8.0.x prior to 8.0.10, 8.1.x prior to 8.1.5, and 8.2.x prior to 8.2.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors ...
Owncloud Owncloud 8.2.1
Owncloud Owncloud
Owncloud Owncloud 8.1.0
Owncloud Owncloud 8.0.9
Owncloud Owncloud 8.0.8
Owncloud Owncloud 8.0.6
Owncloud Owncloud 8.0.5
Owncloud Owncloud 8.1.4
Owncloud Owncloud 8.1.1
Owncloud Owncloud 8.0.3
Owncloud Owncloud 8.0.0
Owncloud Owncloud 8.2.0
Owncloud Owncloud 8.1.3
Owncloud Owncloud 8.0.4
Owncloud Owncloud 8.0.2
7.5
CVSSv2
CVE-2016-1499
ownCloud Server prior to 8.0.10, 8.1.x prior to 8.1.5, and 8.2.x prior to 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/...
Owncloud Owncloud 8.1.1
Owncloud Owncloud 8.1.3
Owncloud Owncloud 8.1.4
Owncloud Owncloud 8.2.0
Owncloud Owncloud
Owncloud Owncloud 8.1.0
Owncloud Owncloud 8.2.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »