Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-0302
Unspecified vulnerability in ownCloud Server prior to 4.0.12 allows remote malicious users to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exi...
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.10
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.7
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.9
Owncloud Owncloud
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.8
NA
CVE-2015-5954
The virtual filesystem in ownCloud Server prior to 6.0.9, 7.0.x prior to 7.0.7, and 8.0.x prior to 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via ...
Owncloud Owncloud 7.0.3
Owncloud Owncloud 7.0.5
Owncloud Owncloud 8.0.4
Owncloud Owncloud 7.0.6
Owncloud Owncloud 8.0.0
Owncloud Owncloud 8.0.2
Owncloud Owncloud 8.0.3
Owncloud Owncloud 7.0.2
Owncloud Owncloud 7.0.4
Owncloud Owncloud
Owncloud Owncloud 7.0.0
Owncloud Owncloud 7.0.1
NA
CVE-2012-4389
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud prior to 4.0.7 allows remote malicious users to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.1
Owncloud Owncloud
Owncloud Owncloud 3.0.0
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.0
NA
CVE-2012-4390
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud prior to 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.1
Owncloud Owncloud 3.0.0
Owncloud Owncloud
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.2
NA
CVE-2012-4391
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud prior to 4.0.7 allows remote malicious users to hijack the authentication of administrators for requests that edit the app configurations.
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.5
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.0
Owncloud Owncloud
Owncloud Owncloud 4.0.4
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.1
NA
CVE-2012-4752
appconfig.php in ownCloud prior to 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393.
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.1
Owncloud Owncloud 3.0.0
Owncloud Owncloud
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.2
NA
CVE-2012-4393
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud prior to 4.0.6 allow remote malicious users to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calen...
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.0.4
Owncloud Owncloud
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.0
NA
CVE-2015-4717
The filename sanitization component in ownCloud Server prior to 6.0.8, 7.0.x prior to 7.0.6, and 8.0.x prior to 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote malicious users to cause a denial of service (infinite loop and log file co...
Owncloud Owncloud 7.0.1
Owncloud Owncloud 7.0.3
Owncloud Owncloud 7.0.5
Owncloud Owncloud 8.0.0
Owncloud Owncloud 8.0.2
Owncloud Owncloud 8.0.3
Owncloud Owncloud 7.0.2
Owncloud Owncloud 7.0.4
Owncloud Owncloud
Owncloud Owncloud 7.0.0
NA
CVE-2015-4718
The external SMB storage driver in ownCloud Server prior to 6.0.8, 7.0.x prior to 7.0.6, and 8.0.x prior to 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.
Owncloud Owncloud
Owncloud Owncloud 7.0.1
Owncloud Owncloud 8.0.0
Owncloud Owncloud 8.0.3
Owncloud Owncloud 7.0.0
Owncloud Owncloud 8.0.2
Owncloud Owncloud 7.0.2
Owncloud Owncloud 7.0.3
Owncloud Owncloud 7.0.4
Owncloud Owncloud 7.0.5
NA
CVE-2012-4394
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud prior to 4.0.5 allows remote malicious users to inject arbitrary web script or HTML via the file parameter.
Owncloud Owncloud
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »