Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

owncloud owncloud vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2

CVE-2014-2049

The default Flash Cross Domain policies in ownCloud prior to 5.0.15 and 6.x prior to 6.0.2 allows remote malicious users to access user files via unspecified vectors.
Owncloud Owncloud 6.0.0Owncloud Owncloud 6.0.1Owncloud OwncloudOwncloud Owncloud 3.0.0Owncloud Owncloud 3.0.1Owncloud Owncloud 3.0.2Owncloud Owncloud 3.0.3Owncloud Owncloud 4.0.0Owncloud Owncloud 4.0.1Owncloud Owncloud 4.0.2Owncloud Owncloud 4.0.3Owncloud Owncloud 4.0.4
4.3
CVSSv2

CVE-2014-2057

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud prior to 6.0.2 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Owncloud OwncloudOwncloud Owncloud 3.0.0Owncloud Owncloud 3.0.1Owncloud Owncloud 3.0.2Owncloud Owncloud 3.0.3Owncloud Owncloud 4.0.0Owncloud Owncloud 4.0.1Owncloud Owncloud 4.0.2Owncloud Owncloud 4.0.3Owncloud Owncloud 4.0.4Owncloud Owncloud 4.0.5Owncloud Owncloud 4.0.6
7.5
CVSSv2

CVE-2014-2044

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud prior to 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) synt...
Owncloud OwncloudOwncloud Owncloud 3.0.0Owncloud Owncloud 3.0.1Owncloud Owncloud 3.0.2Owncloud Owncloud 3.0.3Owncloud Owncloud 4.0.0Owncloud Owncloud 4.0.1Owncloud Owncloud 4.0.2Owncloud Owncloud 4.0.3Owncloud Owncloud 4.0.4Owncloud Owncloud 4.0.5Owncloud Owncloud 4.0.6
3.5
CVSSv2

CVE-2013-2150

Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud prior to 4.5.12 and 5.x prior to 5.0.7 allow remote malicious users to inject arbitrary web script or HTML via vectors related to shared files.
Owncloud Owncloud 5.0.0Owncloud Owncloud 5.0.1Owncloud Owncloud 5.0.2Owncloud Owncloud 5.0.3Owncloud Owncloud 5.0.4Owncloud Owncloud 5.0.5Owncloud Owncloud 5.0.6Owncloud OwncloudOwncloud Owncloud 3.0.0Owncloud Owncloud 3.0.1Owncloud Owncloud 3.0.2Owncloud Owncloud 3.0.3
4.3
CVSSv2

CVE-2014-9047

Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x prior to 6.0.6 and 7.x prior to 7.0.3 allow remote malicious users to read arbitrary files via unknown vectors.
Owncloud OwncloudOwncloud Owncloud 5.0.0Owncloud Owncloud 5.0.1Owncloud Owncloud 5.0.2Owncloud Owncloud 5.0.3Owncloud Owncloud 5.0.4Owncloud Owncloud 5.0.5Owncloud Owncloud 5.0.6Owncloud Owncloud 5.0.7Owncloud Owncloud 5.0.8Owncloud Owncloud 5.0.9Owncloud Owncloud 5.0.10
5
CVSSv2

CVE-2014-9048

The documents application in ownCloud Server 6.x prior to 6.0.6 and 7.x prior to 7.0.3 allows remote malicious users to bypass the password-protection for shared files via the API.
Owncloud OwncloudOwncloud Owncloud 5.0.0Owncloud Owncloud 5.0.1Owncloud Owncloud 5.0.2Owncloud Owncloud 5.0.3Owncloud Owncloud 5.0.4Owncloud Owncloud 5.0.5Owncloud Owncloud 5.0.6Owncloud Owncloud 5.0.7Owncloud Owncloud 5.0.8Owncloud Owncloud 5.0.9Owncloud Owncloud 5.0.10
6.8
CVSSv2

CVE-2014-9041

The import functionality in the bookmarks application in ownCloud server prior to 5.0.18, 6.x prior to 6.0.6, and 7.x prior to 7.0.3 does not validate CSRF tokens, which allow remote malicious users to conduct CSRF attacks.
Owncloud OwncloudOwncloud Owncloud 5.0.0Owncloud Owncloud 5.0.1Owncloud Owncloud 5.0.2Owncloud Owncloud 5.0.3Owncloud Owncloud 5.0.4Owncloud Owncloud 5.0.5Owncloud Owncloud 5.0.6Owncloud Owncloud 5.0.7Owncloud Owncloud 5.0.8Owncloud Owncloud 5.0.9Owncloud Owncloud 5.0.10
3.5
CVSSv2

CVE-2014-9042

Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud prior to 5.0.18, 6.x prior to 6.0.6, and 7.x prior to 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecifi...
Owncloud OwncloudOwncloud Owncloud 5.0.0Owncloud Owncloud 5.0.1Owncloud Owncloud 5.0.2Owncloud Owncloud 5.0.3Owncloud Owncloud 5.0.4Owncloud Owncloud 5.0.5Owncloud Owncloud 5.0.6Owncloud Owncloud 5.0.7Owncloud Owncloud 5.0.8Owncloud Owncloud 5.0.9Owncloud Owncloud 5.0.10
5
CVSSv2

CVE-2014-9043

The user_ldap (aka LDAP user and group backend) application in ownCloud prior to 5.0.18, 6.x prior to 6.0.6, and 7.x prior to 7.0.3 allows remote malicious users to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind...
Owncloud OwncloudOwncloud Owncloud 5.0.0Owncloud Owncloud 5.0.1Owncloud Owncloud 5.0.2Owncloud Owncloud 5.0.3Owncloud Owncloud 5.0.4Owncloud Owncloud 5.0.5Owncloud Owncloud 5.0.6Owncloud Owncloud 5.0.7Owncloud Owncloud 5.0.8Owncloud Owncloud 5.0.9Owncloud Owncloud 5.0.10
5
CVSSv2

CVE-2014-9046

The OC_Util::getUrlContent function in ownCloud Server prior to 5.0.18, 6.x prior to 6.0.6, and 7.x prior to 7.0.3 allows remote malicious users to read arbitrary files via a file:// protocol.
Owncloud OwncloudOwncloud Owncloud 5.0.0Owncloud Owncloud 5.0.1Owncloud Owncloud 5.0.2Owncloud Owncloud 5.0.3Owncloud Owncloud 5.0.4Owncloud Owncloud 5.0.5Owncloud Owncloud 5.0.6Owncloud Owncloud 5.0.7Owncloud Owncloud 5.0.8Owncloud Owncloud 5.0.9Owncloud Owncloud 5.0.10
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
springboot-adminCVE-2025-3989lecmsCVE-2025-3906code injectionCVE-2025-32432CVE-2025-2105CVE-2025-3984wirelessopplustype confusionCVE-2025-29306n150rt
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook