Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud owncloud 4.0.6 vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2012-5336
lib/base.php in ownCloud prior to 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.0
Owncloud Owncloud
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.3
383
VMScore
CVE-2012-5057
CRLF injection vulnerability in ownCloud Server prior to 4.0.8 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.2
Owncloud Owncloud
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.3
383
VMScore
CVE-2012-5056
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server prior to 4.0.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps...
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.0
Owncloud Owncloud
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.1
383
VMScore
CVE-2013-0201
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/aja...
Owncloud Owncloud 4.0.8
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.5
Owncloud Owncloud
Owncloud Owncloud 4.0.9
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
445
VMScore
CVE-2013-0302
Unspecified vulnerability in ownCloud Server prior to 4.0.12 allows remote malicious users to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exi...
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.9
Owncloud Owncloud
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.8
578
VMScore
CVE-2012-5610
Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud prior to 4.0.9 and 4.5.x prior to 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name.
Owncloud Owncloud 4.0.6
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.7
Owncloud Owncloud
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.2
383
VMScore
CVE-2012-5606
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud prior to 4.0.9 and 4.5.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdpart...
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.2
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.7
Owncloud Owncloud
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.1
445
VMScore
CVE-2012-5607
The "Lost Password" reset functionality in ownCloud prior to 4.0.9 and 4.5.0 does not properly check the security token, which allows remote malicious users to change an accounts password via unspecified vectors related to a "Remote Timing Attack."
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.3
Owncloud Owncloud
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.1
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.5.0
383
VMScore
CVE-2012-5665
ownCloud 4.0.x prior to 4.0.10 and 4.5.x prior to 4.5.5 does not properly restrict access to settings.php, which allows remote malicious users to edit app configurations of user_webdavauth and user_ldap by editing this file.
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.9
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.8
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.0
383
VMScore
CVE-2012-5666
Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x prior to 4.0.10 and 4.5.x prior to 4.5.5 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.
Owncloud Owncloud 4.0.8
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.9
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.5.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »