Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-4753
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud prior to 4.0.5 allow remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Owncloud Owncloud
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.3
Owncloud Owncloud 4.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.0
NA
CVE-2014-9049
The documents application in ownCloud Server 6.x prior to 6.0.6 and 7.x prior to 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.
Owncloud Owncloud 7.0.1
Owncloud Owncloud 7.0.2
Owncloud Owncloud 6.0.0
Owncloud Owncloud 6.0.1
Owncloud Owncloud 6.0.2
Owncloud Owncloud 6.0.3
Owncloud Owncloud 6.0.5
Owncloud Owncloud 6.0.4
Owncloud Owncloud 7.0.0
NA
CVE-2012-5056
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server prior to 4.0.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps...
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.0
Owncloud Owncloud
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.1
NA
CVE-2012-5057
CRLF injection vulnerability in ownCloud Server prior to 4.0.8 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.2
Owncloud Owncloud
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.0
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.3
NA
CVE-2012-5336
lib/base.php in ownCloud prior to 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
Owncloud Owncloud 4.0.6
Owncloud Owncloud 4.0.4
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.0
Owncloud Owncloud
Owncloud Owncloud 4.0.5
Owncloud Owncloud 4.0.3
NA
CVE-2013-1822
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x prior to 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated user...
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.5.7
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.5.6
NA
CVE-2013-0304
ownCloud Server prior to 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulne...
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.0
Owncloud Owncloud
Owncloud Owncloud 4.5.4
8.5
CVSSv3
CVE-2016-1499
ownCloud Server prior to 8.0.10, 8.1.x prior to 8.1.5, and 8.2.x prior to 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/...
Owncloud Owncloud 8.1.1
Owncloud Owncloud 8.1.3
Owncloud Owncloud 8.1.4
Owncloud Owncloud 8.2.0
Owncloud Owncloud
Owncloud Owncloud 8.1.0
Owncloud Owncloud 8.2.1
NA
CVE-2013-0300
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x prior to 4.5.7 allow remote malicious users to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (...
Owncloud Owncloud 4.5.0
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.6
NA
CVE-2013-0298
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x prior to 4.5.7 allow remote malicious users to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer....
Owncloud Owncloud 4.5.1
Owncloud Owncloud 4.5.6
Owncloud Owncloud 4.5.2
Owncloud Owncloud 4.5.3
Owncloud Owncloud 4.5.4
Owncloud Owncloud 4.5.5
Owncloud Owncloud 4.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »