Vulnerabilites related to ownCloud - ownCloud
Vulnerability from fkie_nvd
Published
2015-05-08 14:59
Modified
2024-11-21 02:28
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:community:*:*:*",
"matchCriteriaId": "BCDC6BFB-2431-4EA9-B866-0CACF10C9243",
"versionEndIncluding": "5.0.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:community:*:*:*",
"matchCriteriaId": "85872AC6-A6B1-4217-8FF8-FA0CB2C4A845",
"versionEndIncluding": "6.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:community:*:*:*",
"matchCriteriaId": "AA68F8CE-EA46-4448-814D-F1EFBDAD82FE",
"versionEndIncluding": "7.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en la aplicaci\u00f3n de contactos en ownCloud Server Community Edition anterior a 5.0.19, 6.x anterior a 6.0.7, y 7.x anterior a 7.0.5 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de un contacto manipulado."
}
],
"id": "CVE-2015-3011",
"lastModified": "2024-11-21T02:28:30.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-08T14:59:02.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3244"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74445"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-001"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | nextcloud_server | * | |
| owncloud | owncloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC479D9A-DAEB-42B6-98D7-0A417B34359D",
"versionEndExcluding": "9.0.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAD2663-CE0E-4AB0-90C5-D47124458AAC",
"versionEndExcluding": "9.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files."
},
{
"lang": "es",
"value": "Nextcloud Server en versiones anteriores a 9.0.52 \u0026 ownCloud Server en versiones anteriores a 9.0.4 no est\u00e1n verificando correctamente los permisos de comprobaci\u00f3n de edici\u00f3n en las acciones de copia de WebDAV. El punto final WebDAV no comprueba correctamente el permiso en una acci\u00f3n WebDAV COPY. Esto permiti\u00f3 a un atacante autenticado con acceso a un recurso compartido de solo lectura para poner all\u00ed nuevos archivos. No fue posible modificar los archivos existentes."
}
],
"id": "CVE-2016-9461",
"lastModified": "2024-11-21T03:01:15.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.840",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97276"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/145950"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/145950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-275"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-09 13:16
Modified
2024-11-21 01:50
Severity ?
Summary
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F56AF42-6C58-4DBB-BA69-06A8F2F81799",
"versionEndIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en addressbookprovider.php en ownCloud Server anterior a 5.0.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados, relacionado con la aplicaci\u00f3n de contactos."
}
],
"id": "CVE-2013-1893",
"lastModified": "2024-11-21T01:50:36.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-09T13:16:56.193",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-012"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58855"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83253"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin privileges to inject arbitrary web script or HTML via the (2) group field to settings.php or (3) "share with" field.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin privileges to inject arbitrary web script or HTML via the (2) group field to settings.php or (3) \"share with\" field."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en ownCloud 4.5.x anterior a 4.5.8 permiten a usuarios remotos autenticados con privilegios de administrador inyectar script Web o HTML arbitrarios a trav\u00e9s de (1) el par\u00e1metro quota hacia /core/settings/ajax/setquota.php o usuarios remotos autenticados con privilegios de administraci\u00f3n de grupos inyectar script Web o HTML arbitrarios a trav\u00e9s de (2) el campo group hacia settings.php o (3) el campo \"share with\"."
}
],
"id": "CVE-2013-1822",
"lastModified": "2024-11-21T01:50:27.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T16:55:04.880",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-008/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 17:55
Modified
2024-11-21 01:47
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to apps/admin_migrate/settings.php, (4) overwrite user files via the operation parameter to apps/user_migrate/ajax/export.php, or (5) change the authentication server URL via unspecified vectors to apps/user_ldap/settings.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 3.0.0 | |
| owncloud | owncloud | 3.0.1 | |
| owncloud | owncloud | 3.0.2 | |
| owncloud | owncloud | 3.0.3 | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 | |
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5861C327-743A-41DF-8326-1696620194D3",
"versionEndIncluding": "4.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to apps/admin_migrate/settings.php, (4) overwrite user files via the operation parameter to apps/user_migrate/ajax/export.php, or (5) change the authentication server URL via unspecified vectors to apps/user_ldap/settings.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.7 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios para solicitudes que (1) cambian la zona horaria para el usuario a trav\u00e9s de los par\u00e1metros lat y lng hacia apps/calendar/ajax/settings/guesstimezone.php, (2) deshabilitan o habilitan la detecci\u00f3n de zona horaria automatica a trav\u00e9s del par\u00e1metro timezonedetection hacia apps/calendar/ajax/settings/timezonedetection.php, (3) importan cuentas de usuario a trav\u00e9s del par\u00e1metro admin_export hacia apps/admin_migrate/settings.php, (4) sobreescriben archivos de usuario a trav\u00e9s del par\u00e1metro operation hacia apps/user_migrate/ajax/export.php o (5) cambian la URL del servidor de autenticaci\u00f3n a trav\u00e9s de vectores no especificados hacia apps/user_ldap/settings.php."
}
],
"id": "CVE-2013-0299",
"lastModified": "2024-11-21T01:47:15.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T17:55:06.937",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://owncloud.org/about/security/advisories/oC-SA-2013-023/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2013-023/ | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91C054D8-4161-4B1A-A7C2-BC9CF9C40FDC",
"versionEndIncluding": "5.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password."
},
{
"lang": "es",
"value": "La p\u00e1gina de inicio de sesi\u00f3n (tambi\u00e9n conocido como index.php) en ownCloud anterior a 5.0.6 no deshabilita la configuraci\u00f3n de autocompletar para el par\u00e1metro password, lo que facilita a atacantes f\u00edsicamente pr\u00f3ximos adivinar la contrase\u00f1a."
}
],
"id": "CVE-2013-2047",
"lastModified": "2024-11-21T01:50:55.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:05.443",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-023/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-023/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:42
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5EB081-BE10-49B1-8A91-3EC70F6DC6AE",
"versionEndIncluding": "4.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en ownCloud anterior a v4.0.7, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para solicitudes que editan la configuraci\u00f3n de la app."
}
],
"id": "CVE-2012-4391",
"lastModified": "2024-11-21T01:42:47.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-05T23:55:02.833",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://owncloud.org/changelog/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/owncloud/core/commit/5192eecce239a0b7ade1e60a6cf03075e5cfc188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/owncloud/core/commit/5192eecce239a0b7ade1e60a6cf03075e5cfc188"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-18 01:55
Modified
2024-11-21 01:44
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en apps/user_webdavauth/settings.php en ownCloud v4.5.x antes de v4.5.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de par\u00e1metros POST arbitrarios."
}
],
"id": "CVE-2012-5608",
"lastModified": "2024-11-21T01:44:57.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-12-18T01:55:07.397",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://owncloud.org/changelog/"
},
{
"source": "secalert@redhat.com",
"url": "http://owncloud.org/security/advisories/oc-sa-2012-003/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51357"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/owncloud/core/commit/054c168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/security/advisories/oc-sa-2012-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/owncloud/core/commit/054c168"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-19 07:15
Modified
2024-11-21 05:29
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F53A62C-A759-4FFD-9E40-469E8B0FFC96",
"versionEndExcluding": "10.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else\u0027s access to that share."
},
{
"lang": "es",
"value": "ownCloud Server versiones anteriores a 10.3.0, permite a un atacante, que ha recibido acceso no administrativo a un recurso compartido de grupo, eliminar el acceso de todos los dem\u00e1s a ese recurso compartido"
}
],
"id": "CVE-2020-36251",
"lastModified": "2024-11-21T05:29:09.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-19T07:15:13.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/deleting-received-group-share-for-whole-group/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/deleting-received-group-share-for-whole-group/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://owncloud.org/about/security/advisories/oC-SA-2013-022/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2013-022/ | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91C054D8-4161-4B1A-A7C2-BC9CF9C40FDC",
"versionEndIncluding": "5.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en la p\u00e1gina de inicio de sesi\u00f3n (index.php) en ownCloud anterior a 5.0.6 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro redirect_url."
}
],
"id": "CVE-2013-2044",
"lastModified": "2024-11-21T01:50:55.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T16:55:05.410",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-022/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-03 15:59
Modified
2024-11-21 03:28
Severity ?
Summary
ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/96430 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://owncloud.org/security/advisory/?id=oc-sa-2017-003 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96430 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisory/?id=oc-sa-2017-003 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 8.2.0 | |
| owncloud | owncloud | 8.2.1 | |
| owncloud | owncloud | 8.2.2 | |
| owncloud | owncloud | 8.2.3 | |
| owncloud | owncloud | 8.2.4 | |
| owncloud | owncloud | 8.2.5 | |
| owncloud | owncloud | 8.2.6 | |
| owncloud | owncloud | 8.2.7 | |
| owncloud | owncloud | 8.2.8 | |
| owncloud | owncloud | 9.0.0 | |
| owncloud | owncloud | 9.0.1 | |
| owncloud | owncloud | 9.0.2 | |
| owncloud | owncloud | 9.0.3 | |
| owncloud | owncloud | 9.0.4 | |
| owncloud | owncloud | 9.0.5 | |
| owncloud | owncloud | 9.0.6 | |
| owncloud | owncloud | 9.1.0 | |
| owncloud | owncloud | 9.1.1 | |
| owncloud | owncloud | 9.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2EB67F-2620-434E-9AB5-45293C019F3F",
"versionEndIncluding": "8.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49E9C5BC-A6BA-4919-9934-BFAA915CC042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34AF5397-3B98-431B-B235-424A3B6BEFAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C35E22D-36A5-495B-8611-7C8B70064A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBDBB20-B519-4683-BB16-63A25AE53D7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "67AD973F-F06D-46C9-85EB-3521899A257B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8098FF20-D5EA-4F72-A837-0CE7B9761974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0930807A-BA26-4AFF-9B52-EC2EAF5A456D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F81CD71B-7D08-485B-9042-D4CE523FEE80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC26723-FE1F-4C1A-AF9C-901A1A7A4DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25185B4F-623B-45F5-97C3-A520C96B6CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F31B84D-7A81-426C-8C91-BF86087ED657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8CF3111-74DA-4644-9318-4D5CC6FBD1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D52C26E1-C1A1-4834-84C5-C4403E1734D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "377EE3A2-8105-4448-AB9E-C703513CA6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF1A811-E3EF-4A4A-8F7A-C3E5DBC24159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEB63FC-724C-4FA5-A998-4549A2460A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E74BD31-5BD3-40FE-93BA-CAE23DA681B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32D138CF-6623-4E1E-97DC-6DD96FE62C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "578DA4AF-C61B-4796-B5BF-89701D3FB8CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file."
},
{
"lang": "es",
"value": "ownCloud Server en versiones anteriores a 8.1.11, 8.2.x en versiones anteriores a 8.2.9, 9.0.x en versiones anteriores a 9.0.7 y 9.1.x en versiones anteriores a 9.1.3 permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (cuelgue del servidor e inundaci\u00f3n de archivos de registro) a trav\u00e9s de un archivo BMP de un bit"
}
],
"id": "CVE-2017-5867",
"lastModified": "2024-11-21T03:28:33.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-03T15:59:01.367",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96430"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-003"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:42
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B453672C-6C78-4DD9-8C5C-BBC45AF66576",
"versionEndIncluding": "4.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en apps/files/js/filelist.js en ownCloud anterior a v4.0.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro file"
}
],
"id": "CVE-2012-4394",
"lastModified": "2024-11-21T01:42:47.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-05T23:55:02.960",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-09 04:15
Modified
2024-11-21 07:05
Severity ?
Summary
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/212.html | Third Party Advisory | |
| cve@mitre.org | https://owncloud.com/security-advisories/cve-2022-31649/ | Vendor Advisory | |
| cve@mitre.org | https://owncloud.org/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/212.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.com/security-advisories/cve-2022-31649/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AED4451A-1462-4448-9DAA-A7817B29E063",
"versionEndExcluding": "10.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer."
},
{
"lang": "es",
"value": "ownCloud owncloud/core antes de 10.10.0 elimina incorrectamente informaci\u00f3n confidencial antes de su almacenamiento o transferencia"
}
],
"id": "CVE-2022-31649",
"lastModified": "2024-11-21T07:05:02.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T04:15:11.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/212.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2022-31649/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/212.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2022-31649/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://owncloud.org/about/security/advisories/oC-SA-2013-025/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2013-025/ | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91C054D8-4161-4B1A-A7C2-BC9CF9C40FDC",
"versionEndIncluding": "5.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands."
},
{
"lang": "es",
"value": "ownCloud anterior a 5.0.6 no comprueba debidamente permisos, lo que permite a usuarios remotos autenticados ejecutar comandos API arbitrarios a trav\u00e9s de vectores no especificados. NOTA: esto puede ser aprovechado mediante el uso de CSRF para permitir a atacantes remotos ejecutar comandos API arbitrarios."
}
],
"id": "CVE-2013-2048",
"lastModified": "2024-11-21T01:50:55.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:05.457",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-025/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-025/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-17 18:15
Modified
2024-11-21 01:47
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/81476 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/81476 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42C555C2-90F9-4C8A-8D94-F69343002E54",
"versionEndExcluding": "4.0.11",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1427519-7C3F-49F4-8E81-028BCC98C2EE",
"versionEndExcluding": "4.5.6",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en ownCloud versiones 4.5.5, 4.0.10 y anteriores, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro action en el archivo core/ajax/sharing.php."
}
],
"id": "CVE-2013-0202",
"lastModified": "2024-11-21T01:47:03.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-17T18:15:13.107",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81476"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-21 22:15
Modified
2024-11-21 08:32
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "117F6462-A2A3-46CB-B795-79C72AF275A8",
"versionEndExcluding": "10.13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en ownCloud owncloud/core antes de la versi\u00f3n 10.13.1. Un atacante puede acceder, modificar o eliminar cualquier archivo sin autenticaci\u00f3n si conoce el nombre de usuario de la v\u00edctima y la v\u00edctima no tiene una clave de firma configurada. Esto ocurre porque las URL prefirmadas se pueden aceptar incluso cuando no se configura ninguna clave de firma para el propietario de los archivos. La primera versi\u00f3n afectada es la 10.6.0."
}
],
"id": "CVE-2023-49105",
"lastModified": "2024-11-21T08:32:50.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-21T22:15:08.613",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/webdav-api-authentication-bypass-using-pre-signed-urls/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://owncloud.org/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/webdav-api-authentication-bypass-using-pre-signed-urls/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://owncloud.org/security"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://owncloud.org/about/security/advisories/oC-SA-2013-024/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2013-024/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 | |
| owncloud | owncloud | 4.5.7 | |
| owncloud | owncloud | 4.5.8 | |
| owncloud | owncloud | 4.5.9 | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A59AFC1-032E-43B1-8D51-5A8B4CE9D7C1",
"versionEndIncluding": "4.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E1583C4C-6501-48ED-BF31-AFCF38C5D59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter."
},
{
"lang": "es",
"value": "apps/calendar/ajax/events.php en ownCloud anterior a 4.5.11 y 5.x anterior a 5.0.6 no comprueba debidamente la propiedad de un calendario, lo que permite a usuarios remotos autenticados descargar calendarios arbitrarios a trav\u00e9s del par\u00e1metro calendar_id."
}
],
"id": "CVE-2013-2043",
"lastModified": "2024-11-21T01:50:55.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:05.397",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-024/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-024/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-17 21:29
Modified
2024-11-21 03:35
Severity ?
Summary
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://owncloud.org/security/advisory/?id=oc-sa-2017-005 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisory/?id=oc-sa-2017-005 | Broken Link, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3085407E-B978-4DB5-A2D2-0BC66562D474",
"versionEndExcluding": "10.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token."
},
{
"lang": "es",
"value": "Un error l\u00f3gico en ownCloud Server anterior a versi\u00f3n 10.0.2, caus\u00f3 la divulgaci\u00f3n de tokens share v\u00e1lidos para calendarios p\u00fablicos. De este manera, conceder a un atacante acceso potencial a calendarios compartidos p\u00fablicamente sin conocer el token share."
}
],
"id": "CVE-2017-9339",
"lastModified": "2024-11-21T03:35:52.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-17T21:29:00.637",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-005"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 19:15
Modified
2024-11-21 06:12
Severity ?
Summary
The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://doc.owncloud.com/server/admin_manual/release_notes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://owncloud.com/security-advisories/cve-2021-35947/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doc.owncloud.com/server/admin_manual/release_notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.com/security-advisories/cve-2021-35947/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FC02BD9-2D82-4932-A05B-16064EFB5B74",
"versionEndExcluding": "10.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL."
},
{
"lang": "es",
"value": "El controlador de recursos compartidos p\u00fablicos en el servidor ownCloud versiones anteriores a 10.8.0, permite a un atacante remoto visualizar la ruta interna y el nombre de usuario de un recurso compartido p\u00fablico al incluir caracteres no v\u00e1lidos en la URL"
}
],
"id": "CVE-2021-35947",
"lastModified": "2024-11-21T06:12:48.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T19:15:08.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35947/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35947/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:05
Severity ?
Summary
PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| phpdocx | phpdocx | - | |
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| phpdocx | phpdocx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:a:*:*:*:*:*:*",
"matchCriteriaId": "CF8A525D-F052-449B-AFD8-DC6A956D30D9",
"versionEndIncluding": "5.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpdocx:phpdocx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F029F14A-6ACE-46F9-8AA6-9833D1C9FD7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpdocx:phpdocx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F029F14A-6ACE-46F9-8AA6-9833D1C9FD7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
},
{
"lang": "es",
"value": "PHPDocX, utilizado en ownCloud Server anterior a 5.0.15 y 6.0.x anterior a 6.0.2, permite a atacantes remotos leer archivos arbitrarios, causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto a trav\u00e9s de un ataque de entidad externa XML (XXE)."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/611.html\n\n\"CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\"",
"id": "CVE-2014-2056",
"lastModified": "2024-11-21T02:05:33.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-04T14:55:04.123",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 01:44
Severity ?
Summary
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1396EB21-CE64-4EA7-8212-E3F86D7E3C8A",
"versionEndIncluding": "4.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV."
},
{
"lang": "es",
"value": "lib/base.php en ownCloud anterior a 4.0.8 no valida debidamente la variables de sesi\u00f3n user_id, lo que permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de vectores relacionados con WebDAV."
}
],
"id": "CVE-2012-5336",
"lastModified": "2024-11-21T01:44:32.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-04T14:55:03.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5336/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5336/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-24 18:55
Modified
2024-11-21 01:59
Severity ?
Summary
The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B85A2D-8EC4-4662-88E3-7653D33ED30F",
"versionEndIncluding": "5.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB."
},
{
"lang": "es",
"value": "La p\u00e1gina de administraci\u00f3n de ownCloud anteriores a 5.0.13 permite a atacantes remotos sortear restricciones de acceso intencionadas a trav\u00e9s de vectores no especificados, relacionados con MariaDB."
}
],
"id": "CVE-2013-6403",
"lastModified": "2024-11-21T01:59:09.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-24T18:55:20.717",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://owncloud.org/changelog/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55792"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/6"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89323"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-26 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | 7.0.0 | |
| owncloud | owncloud | 7.0.1 | |
| owncloud | owncloud | 7.0.2 | |
| owncloud | owncloud | 7.0.3 | |
| owncloud | owncloud | 7.0.4 | |
| owncloud | owncloud | 7.0.5 | |
| owncloud | owncloud | 7.0.6 | |
| owncloud | owncloud | 7.0.7 | |
| owncloud | owncloud | 8.0.0 | |
| owncloud | owncloud | 8.0.2 | |
| owncloud | owncloud | 8.0.3 | |
| owncloud | owncloud | 8.0.4 | |
| owncloud | owncloud | 8.0.5 | |
| owncloud | owncloud | 8.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF3DCFD-3264-4315-947E-0D2725E3BFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C26782F8-FE62-4B2D-B0C9-81EFFE395D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E5945851-35B8-4509-92C7-CF706C794266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F58319-DE37-4307-9D60-BDFC27D6826B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD03A74-6F1D-43EC-BC93-F2AF2467F6D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C45645-3A99-4E08-952A-EEBFE35AC70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD0FA9-F12F-46A2-90F4-B48310A7ED0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C18316B-E0DF-4693-AD3A-8C923965931B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66A3C5DA-52BA-4B86-A7A1-BEAE730E80E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "453D8D0E-B385-4A8F-9D01-CDE38E6C1D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "644C5331-A967-497D-A7ED-919F5988C8E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en ownCloud Server en versiones anteriores a 8.0.6 y 8.1.x en versiones anteriores a 8.1.1 permite a usuarios remotos autenticados listar contenidos del directorio y posiblemente provocar una denegaci\u00f3n de servicio (consumo de la CPU) a trav\u00e9s de .. (punto punto) en el par\u00e1metro dir en index.php/apps/files/ajax/scan.php."
}
],
"id": "CVE-2015-6500",
"lastModified": "2024-11-21T02:35:05.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-26T14:59:08.297",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-014"
},
{
"source": "cve@mitre.org",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-048.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-048.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-15 18:15
Modified
2024-11-21 05:07
Severity ?
Summary
ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5101B1D-34C3-4451-9BAB-763A1C10D449",
"versionEndExcluding": "10.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud (Core) before 10.5 allows XSS in login page \u0027forgot password.\u0027"
},
{
"lang": "es",
"value": "ownCloud (Core) versiones anteriores a 10.5, permite un ataque de tipo XSS en la p\u00e1gina de inicio de sesi\u00f3n \"forgot password\""
}
],
"id": "CVE-2020-16255",
"lastModified": "2024-11-21T05:07:02.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-15T18:15:13.073",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/reflected-xss-in-login-page-forgot-password-functionallity/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://owncloud.org/security/advisories/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/reflected-xss-in-login-page-forgot-password-functionallity/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://owncloud.org/security/advisories/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-04-20 10:55
Modified
2024-11-21 01:38
Severity ?
Summary
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9816A6-A172-424C-9870-9F373746C625",
"versionEndIncluding": "3.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de redirecci\u00f3n abierta en index.php (es decir, la P\u00e1gina de Inicio) en ownCloud v3.0.0 permite a atacantes remotos redirigir a los usuarios a sitios web de su elecci\u00f3n y llevar a cabo ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro REDIRECT_URL."
}
],
"id": "CVE-2012-2270",
"lastModified": "2024-11-21T01:38:47.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-04-20T10:55:01.403",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/81211"
},
{
"source": "cve@mitre.org",
"url": "http://owncloud.org/security/advisories/CVE-2012-2270/"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48850"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/53145"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/81211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/security/advisories/CVE-2012-2270/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75029"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:43
Severity ?
Summary
appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FA4A92-1FE7-4E83-B951-F33B0569835B",
"versionEndIncluding": "4.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393."
},
{
"lang": "es",
"value": "appconfig.php en ownCloud anterior a v4.0.6 no restringe correctamente el acceso, lo que permite a usuarios remotos autenticados editar las configuraciones de aplicaciones a trav\u00e9s de vectores no especificados. NOTA: esto puede ser aprovechado por atacantes no autenticados remotos usando CVE-2012-4393."
}
],
"id": "CVE-2012-4752",
"lastModified": "2024-11-21T01:43:27.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-05T23:55:03.147",
"references": [
{
"source": "cve@mitre.org",
"url": "http://owncloud.org/changelog/"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-05 15:44
Modified
2024-11-21 01:47
Severity ?
Summary
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2D06C0-2A80-40B1-AEA8-F63FF8CE8CFE",
"versionEndIncluding": "4.5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is."
},
{
"lang": "es",
"value": "ownCloud Server anterior a 4.5.7 no comprueba debidamente la propiedad de calendarios, lo que permite a usuarios remotos autenticados leer archivos calendarios arbitrarios a trav\u00e9s del par\u00e1metro calid en /apps/calendar/export.php. NOTA: este problema ha sido reportado como una vulnerabilidad de CSRF, pero debido a una falta de detalles, no est\u00e1 claro cual la causa de ra\u00edz."
}
],
"id": "CVE-2013-0304",
"lastModified": "2024-11-21T01:47:15.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-05T15:44:07.743",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-007/"
},
{
"source": "secalert@redhat.com",
"url": "http://securite.intrinsec.com/wp-content/uploads/2013/02/ISEC-V2013-01-v-1.0-Owncloud-4.5.4-Arbitrary-calendar-export.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securite.intrinsec.com/wp-content/uploads/2013/02/ISEC-V2013-01-v-1.0-Owncloud-4.5.4-Arbitrary-calendar-export.pdf"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:51
Severity ?
Summary
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://owncloud.org/about/security/advisories/oC-SA-2013-020/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2013-020/ | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "211CD02D-1B18-4DC7-BBAA-BCDE260ED1FE",
"versionEndExcluding": "5.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en apps/files_trashbin/index.php en el servidor de ownCloud anterior a 5.0.6 permite a usuarios remotos autenticados acceder a archivos arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro dir."
}
],
"id": "CVE-2013-2085",
"lastModified": "2024-11-21T01:51:00.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:05.473",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-020/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-21 18:59
Modified
2024-11-21 02:37
Severity ?
Summary
icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:smb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "297ADB76-4B11-4F69-A99E-8C26B293950F",
"versionEndIncluding": "1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "524690E4-E6E5-462E-8A97-B50228395B7C",
"versionEndIncluding": "8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php."
},
{
"lang": "es",
"value": "icewind1991 SMB en versiones anteriores a 1.0.3 permite a usuarios remotos autenticados ejecutar comandos SMB arbitrarios a trav\u00e9s de metacaracteres de shell en el argumento user en la funci\u00f3n (1) listShares en server.php o (2) connect o (3) read en Share.php."
}
],
"id": "CVE-2015-7698",
"lastModified": "2024-11-21T02:37:14.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-21T18:59:06.410",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/icewind1991/SMB/commit/33ab10cc4d5c3e48cba3a074b5f9fc67590cd032"
},
{
"source": "cve@mitre.org",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/icewind1991/SMB/commit/33ab10cc4d5c3e48cba3a074b5f9fc67590cd032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-017"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 02:05
Severity ?
Summary
Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://owncloud.org/about/security/advisories/oC-SA-2014-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2014-001/ | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE396CB-8AD3-4C8B-A8D4-3B83336EB6FD",
"versionEndIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en ownCloud anterior a 6.0.2, cuando PHP est\u00e1 configurado para aceptar par\u00e1metros de sesi\u00f3n mediante una solicitud GET, permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-2047",
"lastModified": "2024-11-21T02:05:31.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:05.613",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-24 16:31
Modified
2024-11-21 02:05
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE396CB-8AD3-4C8B-A8D4-3B83336EB6FD",
"versionEndIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D4011972-8C9A-47DA-B7E1-BC1951AEC51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "59C62AA4-A398-4D20-B0D4-18437027AE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "74FD954F-460F-42F0-A8B2-EC46710E3C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0C079E-48B7-4266-A343-D555C0ECD611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7B48E86B-7685-4EB0-9172-492842DEEE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A670DD33-A604-4BD4-8235-4500B05F518E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E1583C4C-6501-48ED-BF31-AFCF38C5D59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04C004-0238-424A-8364-9ED780850DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "79736879-F5A3-4769-862F-531BDDC946B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1754FC-6F84-43F0-89E0-596A05B6E42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9103C7E8-A6A3-4AF7-B303-4E9EF008EBF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*",
"matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en ownCloud anterior a 6.0.2 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-2057",
"lastModified": "2024-11-21T02:05:33.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-24T16:31:08.480",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-007/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:42
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58090887-D609-4571-BF59-65F8948D737E",
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en ownCloud anterior a v4.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del displayname calendar para part.choosecalendar.rowfields.php o (2) part.choosecalendar.rowfields.shared.php en apps/calendar/templates/; o (3) vectores no especificados para apps/contacts/lib/vcard.php."
}
],
"id": "CVE-2012-4397",
"lastModified": "2024-11-21T01:42:48.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-05T23:55:03.100",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://owncloud.org/changelog/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/00595351400523168e18a08e3ffa5c3b1e7c1f6e"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/54a371700554ed21a5cb7db03126b6c95ae4cbd3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/00595351400523168e18a08e3ffa5c3b1e7c1f6e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/54a371700554ed21a5cb7db03126b6c95ae4cbd3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:43
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B453672C-6C78-4DD9-8C5C-BBC45AF66576",
"versionEndIncluding": "4.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en ownCloud anterior a v4.0.5, permite a atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas mediante vectores desconocidos(1) ."
}
],
"id": "CVE-2012-4753",
"lastModified": "2024-11-21T01:43:28.743",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-05T23:55:03.193",
"references": [
{
"source": "cve@mitre.org",
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/changelog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-08 21:59
Modified
2024-11-21 02:46
Severity ?
Summary
ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DA4B5C-11F3-46C5-8A98-1C09E60301AE",
"versionEndIncluding": "8.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "644C5331-A967-497D-A7ED-919F5988C8E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB456E3-CFF6-4378-9341-74B244DD042E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C2439520-80AD-45E9-8551-2C0C7A2C6F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC29D1D1-03EC-48B0-B917-F4E2C6FD3906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49E9C5BC-A6BA-4919-9934-BFAA915CC042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34AF5397-3B98-431B-B235-424A3B6BEFAC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php."
},
{
"lang": "es",
"value": "ownCloud Server en versiones anteriores a 8.0.10, 8.1.x en versiones anteriores a 8.1.5 y 8.2.x en versiones anteriores a 8.2.2 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible desde un listado de directorio y posiblemente provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s del par\u00e1metro force en index.php/apps/files/ajax/scan.php."
}
],
"id": "CVE-2016-1499",
"lastModified": "2024-11-21T02:46:33.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-08T21:59:07.953",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/537244/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/537556/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-002"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/537244/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/537556/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:42
Severity ?
Summary
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value."
},
{
"lang": "es",
"value": "index.php en ownCloud v4.0.7 no valida correctamente la cookie oc_token, permitiendo a atacantes remotos evitar la autenticaci\u00f3n a trav\u00e9s de una cookie oc_token hecha a mano."
}
],
"id": "CVE-2012-4392",
"lastModified": "2024-11-21T01:42:47.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-05T23:55:02.880",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | nextcloud_server | * | |
| owncloud | owncloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC479D9A-DAEB-42B6-98D7-0A417B34359D",
"versionEndExcluding": "9.0.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAD2663-CE0E-4AB0-90C5-D47124458AAC",
"versionEndExcluding": "9.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions."
},
{
"lang": "es",
"value": "Nextcloud Server en versiones anteriores a 9.0.52 \u0026 ownCloud Server en versiones anteriores a 9.0.4 no est\u00e1n verificando correctamente los privilegios de restauraci\u00f3n al restaurar un archivo. La capacidad de restauraci\u00f3n de Nextcloud/ownCloud no estaba verificando si un usuario s\u00f3lo tiene acceso de s\u00f3lo lectura a un recurso compartido. As\u00ed, un usuario con acceso de s\u00f3lo lectura fue capaz de restaurar versiones antiguas."
}
],
"id": "CVE-2016-9462",
"lastModified": "2024-11-21T03:01:15.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.887",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97285"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/1208953ba1d4d55a18a639846bbcdd66a2d5bc5e"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/23383080731d092e079986464a8c4c9ffcb79f4c"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/3b056fa68ce502ceb0db9b446dab3b9e7b10dd13"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/c93eca49c32428ece03dd67042772d5fa62c8d6e"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/d31720b6f1e8c8dfeb5e8805ab35ad7c8000b2f1"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/146067"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-005"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/1208953ba1d4d55a18a639846bbcdd66a2d5bc5e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/23383080731d092e079986464a8c4c9ffcb79f4c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/3b056fa68ce502ceb0db9b446dab3b9e7b10dd13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/c93eca49c32428ece03dd67042772d5fa62c8d6e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/d31720b6f1e8c8dfeb5e8805ab35ad7c8000b2f1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/146067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-015"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-275"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:09
Severity ?
Summary
ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://owncloud.org/about/security/advisories/oC-SA-2014-009/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2014-009/ | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0860091A-4139-4FC0-BE08-4046B948346C",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors."
},
{
"lang": "es",
"value": "ownCloud Server anterior a 6.0.1 no comprueba debidamente permisos, lo que permite a usuarios remotos autenticados acceder a vistas preliminares de im\u00e1genes a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3963",
"lastModified": "2024-11-21T02:09:13.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-04T14:55:07.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-009/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:42
Severity ?
Summary
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5EB081-BE10-49B1-8A91-3EC70F6DC6AE",
"versionEndIncluding": "4.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors."
},
{
"lang": "es",
"value": "(1) apps/calendar/appinfo/remote.php y (2) apps/contacts/appinfo/remote.php en ownCloud anterior a v4.0.7 permite a usuarios remotos autenticados enumerar los usuarios registrados mediante vectores desconocidos."
}
],
"id": "CVE-2012-4390",
"lastModified": "2024-11-21T01:42:47.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-05T23:55:02.787",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://owncloud.org/changelog/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-26 15:59
Modified
2024-11-21 02:37
Severity ?
Summary
The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | 7.0.0 | |
| owncloud | owncloud | 7.0.1 | |
| owncloud | owncloud | 7.0.2 | |
| owncloud | owncloud | 7.0.3 | |
| owncloud | owncloud | 7.0.4 | |
| owncloud | owncloud | 7.0.5 | |
| owncloud | owncloud | 7.0.6 | |
| owncloud | owncloud | 7.0.7 | |
| owncloud | owncloud | 8.0.0 | |
| owncloud | owncloud | 8.0.2 | |
| owncloud | owncloud | 8.0.3 | |
| owncloud | owncloud | 8.0.4 | |
| owncloud | owncloud | 8.0.5 | |
| owncloud | owncloud | 8.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF3DCFD-3264-4315-947E-0D2725E3BFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C26782F8-FE62-4B2D-B0C9-81EFFE395D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E5945851-35B8-4509-92C7-CF706C794266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F58319-DE37-4307-9D60-BDFC27D6826B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD03A74-6F1D-43EC-BC93-F2AF2467F6D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C45645-3A99-4E08-952A-EEBFE35AC70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD0FA9-F12F-46A2-90F4-B48310A7ED0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C18316B-E0DF-4693-AD3A-8C923965931B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66A3C5DA-52BA-4B86-A7A1-BEAE730E80E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "453D8D0E-B385-4A8F-9D01-CDE38E6C1D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "644C5331-A967-497D-A7ED-919F5988C8E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to \"objectstore.\""
},
{
"lang": "es",
"value": "La aplicaci\u00f3n files_external en ownCloud Server en versiones anteriores a 7.0.9, 8.0.x en versiones anteriores a 8.0.7 y 8.1.x en versiones anteriores a 8.1.2 permite a usuarios remotos autenticados instanciar clases arbitrarias o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una opci\u00f3n de punto de montaje manipulada, relacionada con \u0027objectstore\u0027."
}
],
"id": "CVE-2015-7699",
"lastModified": "2024-11-21T02:37:14.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-26T15:59:00.103",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/owncloud/core/pull/18558"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/owncloud/core/pull/18558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-018"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 19:15
Modified
2024-11-21 06:12
Severity ?
Summary
The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://doc.owncloud.com/server/admin_manual/release_notes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://owncloud.com/security-advisories/cve-2021-35949/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doc.owncloud.com/server/admin_manual/release_notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.com/security-advisories/cve-2021-35949/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FC02BD9-2D82-4932-A05B-16064EFB5B74",
"versionEndExcluding": "10.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share."
},
{
"lang": "es",
"value": "El controlador shareinfo en el servidor ownCloud versiones anteriores a 10.8.0, permite a un atacante omitir las comprobaciones de permisos para los recursos compartidos s\u00f3lo de carga y listar los metadatos sobre el recurso compartido"
}
],
"id": "CVE-2021-35949",
"lastModified": "2024-11-21T06:12:48.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T19:15:08.553",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35949/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35949/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-04 18:59
Modified
2024-11-21 02:20
Severity ?
Summary
The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96C89F7E-F835-4DA3-9506-70545DD95834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE53A52-6BEB-47E8-A1BE-A094B4B066DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CD65CEF7-238A-4F0E-9203-3C9EB0DECF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n documents en ownCloud Server 6.x anterior a 6.0.6 y 7.x anterior a 7.0.3 permite a usuarios remotos autenticados obtener todos los identificadores de sesiones v\u00e1lidos a trav\u00e9s de un m\u00e9todo de la API no especificado."
}
],
"id": "CVE-2014-9049",
"lastModified": "2024-11-21T02:20:10.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-04T18:59:08.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-025"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-03 01:55
Modified
2024-11-21 01:45
Severity ?
Summary
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file."
},
{
"lang": "es",
"value": "ownCloud v4.0.x antes de v4.0.10 y v4.5.x antes de v4.5.5 no restringe el acceso a settings.php, lo que permite a atacantes remotos editar las configuraciones de aplicaciones de user_webdavauth y user_ldap modificando este archivo."
}
],
"id": "CVE-2012-5665",
"lastModified": "2024-11-21T01:45:04.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-03T01:55:03.873",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://owncloud.org/changelog/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51614"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/57030"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80808"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/c4ecbad"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/db7ca53"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/c4ecbad"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/db7ca53"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-04 18:59
Modified
2024-11-21 02:11
Severity ?
Summary
The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32DA7236-3872-4596-84C1-D9096FB9F246",
"versionEndIncluding": "6.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network."
},
{
"lang": "es",
"value": "El controlador del almacenaje externo de SFTP (files_external) en ownCloud Server anterior a 6.0.5 valida la clave del anfitri\u00f3n RSA despu\u00e9s del inicio de sesi\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante la captura de trafico de la red."
}
],
"id": "CVE-2014-5341",
"lastModified": "2024-11-21T02:11:52.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-02-04T18:59:00.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-019"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://owncloud.org/about/security/advisories/oC-SA-2013-021/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2013-021/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 | |
| owncloud | owncloud | 4.0.11 | |
| owncloud | owncloud | 4.0.12 | |
| owncloud | owncloud | 4.0.13 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 | |
| owncloud | owncloud | 4.5.7 | |
| owncloud | owncloud | 4.5.8 | |
| owncloud | owncloud | 4.5.9 | |
| owncloud | owncloud | 4.5.10 | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "141A8FE4-BFA1-4135-A3C9-9B038C08EA2B",
"versionEndIncluding": "4.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D4011972-8C9A-47DA-B7E1-BC1951AEC51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "59C62AA4-A398-4D20-B0D4-18437027AE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "74FD954F-460F-42F0-A8B2-EC46710E3C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E1583C4C-6501-48ED-BF31-AFCF38C5D59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04C004-0238-424A-8364-9ED780850DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en ownCloud anterior a 4.0.15, 4.5.x anterior a 4.5.11 y 5.0.x anterior a 5.0.6 permiten a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro url hacia (1) apps/bookmarks/ajax/addBookmark.php o (2) apps/bookmarks/ajax/editBookmark.php."
}
],
"id": "CVE-2013-2042",
"lastModified": "2024-11-21T01:50:55.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T16:55:05.380",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-23 20:15
Modified
2024-11-21 02:05
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/91971 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://owncloud.org/security/advisories/host-header-poisoning/ | Not Applicable | |
| cve@mitre.org | https://www.securityfocus.com/bid/66221 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/91971 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisories/host-header-poisoning/ | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.securityfocus.com/bid/66221 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "266B14BE-B8FA-4C64-8603-A733EA0E58B1",
"versionEndExcluding": "5.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF2936C-CCA8-4FD9-A64A-C8CE1A9A0021",
"versionEndExcluding": "6.0.2",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en ownCloud Server versiones anteriores a 5.0.15 y versiones 6.0.x anteriores a 6.0.2, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios para peticiones que restablecen las contrase\u00f1as por medio de un encabezado HTTP Host dise\u00f1ado."
}
],
"id": "CVE-2014-2050",
"lastModified": "2024-11-21T02:05:32.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-23T20:15:11.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://owncloud.org/security/advisories/host-header-poisoning/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/66221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://owncloud.org/security/advisories/host-header-poisoning/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/66221"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-10 21:15
Modified
2024-11-21 07:27
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://owncloud.com | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.com | Product, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A74C87D-9E1C-41A5-9B62-D57AC39F3BCB",
"versionEndIncluding": "10.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages."
},
{
"lang": "es",
"value": "La imagen de Docker de ownCloud Server hasta 10.11 contiene una configuraci\u00f3n incorrecta que inutiliza la configuraci\u00f3n de Trusted_domains. Se podr\u00eda abusar de esto para falsificar la URL en mensajes de correo electr\u00f3nico de restablecimiento de contrase\u00f1a."
}
],
"id": "CVE-2022-43679",
"lastModified": "2024-11-21T07:27:01.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-10T21:15:11.793",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://owncloud.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://owncloud.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-17 21:59
Modified
2024-11-21 02:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | nextcloud_server | * | |
| owncloud | owncloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7C653C0-53CE-4CC6-99C5-DB1AC94D539B",
"versionEndIncluding": "9.0.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC698542-23B9-4101-BD01-10D2FB0870E9",
"versionEndIncluding": "9.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en share.js en la aplicaci\u00f3n de galer\u00eda en ownCloud Server en versiones anteriores a 9.0.4 y Nextcloud Server en versiones anteriores a 9.0.52 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un nombre de directorio manipulado."
}
],
"id": "CVE-2016-7419",
"lastModified": "2024-11-21T02:57:58.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-17T21:59:11.777",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/92373"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/145355"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-001"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/145355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-011"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-21 18:59
Modified
2024-11-21 02:31
Severity ?
Summary
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA5A71D-4E4A-419F-8EB4-5B0D2F4BD136",
"versionEndIncluding": "7.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C45645-3A99-4E08-952A-EEBFE35AC70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD0FA9-F12F-46A2-90F4-B48310A7ED0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C18316B-E0DF-4693-AD3A-8C923965931B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el componente routing en ownCloud Server en versiones anteriores a 7.0.6 y 8.0.x en versiones anteriores a 8.0.4, cuando se ejecuta en Windows, permite a atacantes remotos reinstalar la aplicaci\u00f3n o ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-4716",
"lastModified": "2024-11-21T02:31:36.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-21T18:59:00.110",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/76159"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-006"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 02:05
Severity ?
Summary
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://owncloud.org/about/security/advisories/oC-SA-2014-003/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2014-003/ | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "738AAE42-B797-4341-88FA-515A07CF7529",
"versionEndIncluding": "5.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D4011972-8C9A-47DA-B7E1-BC1951AEC51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "59C62AA4-A398-4D20-B0D4-18437027AE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "74FD954F-460F-42F0-A8B2-EC46710E3C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0C079E-48B7-4266-A343-D555C0ECD611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7B48E86B-7685-4EB0-9172-492842DEEE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A670DD33-A604-4BD4-8235-4500B05F518E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E1583C4C-6501-48ED-BF31-AFCF38C5D59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04C004-0238-424A-8364-9ED780850DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "79736879-F5A3-4769-862F-531BDDC946B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1754FC-6F84-43F0-89E0-596A05B6E42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9103C7E8-A6A3-4AF7-B303-4E9EF008EBF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors."
},
{
"lang": "es",
"value": "Las pol\u00edticas de Flash Cross Domain por defecto en ownCloud anterior a 5.0.15 y 6.x anterior a 6.0.2 permite a atacantes remotos acceder a archivos de usuario a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-2049",
"lastModified": "2024-11-21T02:05:32.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:05.647",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-003/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-04-20 10:55
Modified
2024-11-21 01:38
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9816A6-A172-424C-9870-9F373746C625",
"versionEndIncluding": "3.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en ownCloud v3.0.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) un campo arbitrario a apps/contacts/AJAX/addcard.php, (2) el par\u00e1metro \u0027parameter\u0027 a apps/contacts/AJAX/addproperty.php, (3) el par\u00e1metro \u0027name a apps/contacts/AJAX/createaddressbook, (4) el par\u00e1metro \u0027file\u0027 a files/download.php, o los par\u00e1metros (5) \u0027name\u0027, (6) \u0027user\u0027, o (7) \u0027redirect_url\u0027 a files/index.php."
}
],
"id": "CVE-2012-2269",
"lastModified": "2024-11-21T01:38:47.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-04-20T10:55:01.357",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/81206"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/81207"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/81208"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/81209"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/81210"
},
{
"source": "cve@mitre.org",
"url": "http://owncloud.org/security/advisories/CVE-2012-2269/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48850"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/53145"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/81206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/81207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/81208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/81209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/81210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/security/advisories/CVE-2012-2269/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75028"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fruux:sabredav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6CC4D0-A201-42E5-AC5E-617179FA441E",
"versionEndExcluding": "1.6.9",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C11FC69F-A24F-45A0-B78E-D7831E20E8B9",
"versionEndExcluding": "1.7.7",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B9AFA14-DF70-48AE-A5F4-F75668D01C55",
"versionEndExcluding": "1.8.5",
"versionStartIncluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80869418-F6A2-4D8B-BC2A-AA648BB84FF8",
"versionEndExcluding": "4.0.14",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E831542E-2D13-4C84-A94A-0EB8DADD77A1",
"versionEndExcluding": "4.5.9",
"versionStartIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB4A18C-5F51-4B3A-8DD9-E11BA580F614",
"versionEndExcluding": "5.0.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTML\\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \\ (backslash) character."
},
{
"lang": "es",
"value": "El plugin HTML\\Browser en SabreDAV anterior a 1.6.9, 1.7.x anterior a 1.7.7 y 1.8.x anterior a 1.8.5, utilizado en ownCloud, cuando se ejecuta en Windows, no comprueba debidamente los separadores de rutas en la ruta base, lo que permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de un caracter \\ (barra invertida)."
}
],
"id": "CVE-2013-1939",
"lastModified": "2024-11-21T01:50:42.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:04.957",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-016/"
},
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/?fromgroups=#%21topic/sabredav-discuss/ehOUu7wTSGQ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-016/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/?fromgroups=#%21topic/sabredav-discuss/ehOUu7wTSGQ"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 | |
| owncloud | owncloud | 4.5.7 | |
| owncloud | owncloud | * | |
| owncloud | owncloud | 3.0.0 | |
| owncloud | owncloud | 3.0.1 | |
| owncloud | owncloud | 3.0.2 | |
| owncloud | owncloud | 3.0.3 | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 | |
| owncloud | owncloud | 4.0.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6C693FA-5ED0-4C73-9DF3-274D8445AC87",
"versionEndIncluding": "4.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D4011972-8C9A-47DA-B7E1-BC1951AEC51A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de lista negra incompleta en (1) import.php y (2) ajax/uploadimport.php en apps/contacts/ en ownCloud anterior a 4.0.13 y 4.5.x anterior a 4.5.8 permiten a usuarios remotos autenticados ejecutar c\u00f3digo PHP arbitrario mediante la subida de un archivo .htaccess."
}
],
"id": "CVE-2013-1850",
"lastModified": "2024-11-21T01:50:31.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:04.910",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-009/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:05
Severity ?
Summary
getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getid3 | getid3 | * | |
| getid3 | getid3 | 1.9.0 | |
| getid3 | getid3 | 1.9.1 | |
| getid3 | getid3 | 1.9.2 | |
| getid3 | getid3 | 1.9.3 | |
| getid3 | getid3 | 1.9.4 | |
| getid3 | getid3 | 1.9.5 | |
| getid3 | getid3 | 1.9.6 | |
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| getid3 | getid3 | * | |
| getid3 | getid3 | 1.9.0 | |
| getid3 | getid3 | 1.9.1 | |
| getid3 | getid3 | 1.9.2 | |
| getid3 | getid3 | 1.9.3 | |
| getid3 | getid3 | 1.9.4 | |
| getid3 | getid3 | 1.9.5 | |
| getid3 | getid3 | 1.9.6 | |
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getid3:getid3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE8C089-AD55-44B6-A339-A2C9704B553E",
"versionEndIncluding": "1.9.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD1A9EF-8E36-4DC2-B8C8-F53DF1E67021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "082C4DC6-92ED-4F5C-A1C3-33ED05D35777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9D3F2-6E2B-43AC-A110-8A2161CA3ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1372B8-0C2F-4545-943D-21D8BF2A6246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.4:b1:*:*:*:*:*:*",
"matchCriteriaId": "6F4BE5F7-0CE4-4116-B069-3FD741E81428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5BCC7F-62B5-4C6F-B8C9-8E1AF03C8F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CFFAC3A-8848-4E63-812B-F69D213748D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:a:*:*:*:*:*:*",
"matchCriteriaId": "CF8A525D-F052-449B-AFD8-DC6A956D30D9",
"versionEndIncluding": "5.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getid3:getid3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE8C089-AD55-44B6-A339-A2C9704B553E",
"versionEndIncluding": "1.9.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD1A9EF-8E36-4DC2-B8C8-F53DF1E67021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "082C4DC6-92ED-4F5C-A1C3-33ED05D35777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9D3F2-6E2B-43AC-A110-8A2161CA3ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1372B8-0C2F-4545-943D-21D8BF2A6246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.4:b1:*:*:*:*:*:*",
"matchCriteriaId": "6F4BE5F7-0CE4-4116-B069-3FD741E81428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5BCC7F-62B5-4C6F-B8C9-8E1AF03C8F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getid3:getid3:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CFFAC3A-8848-4E63-812B-F69D213748D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
},
{
"lang": "es",
"value": "getID3() anterior a 1.9.8, utilizado en ownCloud Server anterior a 5.0.15 y 6.0.x anterior a 6.0.2, permite a atacantes remotos leer archivos arbitrarios, causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto a trav\u00e9s de un ataque de entidad externa XML (XXE)."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/611.html\n\n\"CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\"",
"id": "CVE-2014-2053",
"lastModified": "2024-11-21T02:05:32.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-04T14:55:03.840",
"references": [
{
"source": "cve@mitre.org",
"url": "http://getid3.sourceforge.net/source/changelog.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/58002"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-3001"
},
{
"source": "cve@mitre.org",
"url": "https://wordpress.org/news/2014/08/wordpress-3-9-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://getid3.sourceforge.net/source/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/58002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wordpress.org/news/2014/08/wordpress-3-9-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-17 19:15
Modified
2024-11-21 02:31
Severity ?
Summary
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/76158 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a | Patch, Third Party Advisory | |
| cve@mitre.org | https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/ | Vendor Advisory | |
| cve@mitre.org | https://owncloud.org/security/advisory/?id=oc-sa-2015-005 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/76158 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisory/?id=oc-sa-2015-005 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F5036FE-87F4-4F7C-BDD7-D17ACEC309FC",
"versionEndExcluding": "6.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "643EF10C-CEDD-4E4C-989F-9EBCD1464BAE",
"versionEndExcluding": "7.0.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ED7A074-1669-4F4E-A299-9B9A76734B72",
"versionEndExcluding": "8.0.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values."
},
{
"lang": "es",
"value": "La funci\u00f3n fetch en el archivo OAuth/Curl.php en Dropbox-PHP, como es usado en ownCloud Server versiones anteriores a 6.0.8, versiones 7.x anteriores a 7.0.6 y versiones 8.x anteriores a 8.0.4, cuando un almacenamiento externo de Dropbox ha sido montado, permite a administradores remotos de Dropbox.com leer archivos arbitrarios por medio de un car\u00e1cter @ (en el signo) en valores POST no especificados."
}
],
"id": "CVE-2015-4715",
"lastModified": "2024-11-21T02:31:36.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-17T19:15:11.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76158"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-005"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-18 01:55
Modified
2024-11-21 01:44
Severity ?
Summary
Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 3.0.0 | |
| owncloud | owncloud | 3.0.1 | |
| owncloud | owncloud | 3.0.2 | |
| owncloud | owncloud | 3.0.3 | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB005B3-22C4-4365-B287-FBF77657DE66",
"versionEndIncluding": "4.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name."
},
{
"lang": "es",
"value": "Vulnerabilidad lista negra incompleta en lib/filesystem.php en ownCloud antes de v4.0.9 y v4.5.x antes de v4.5.2 permite a usuarios remotos autenticados ejecutar c\u00f3digo PHP arbitrario mediante la carga de un archivo con un nombre especial manipulado."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html \u0027CWE-184: Incomplete Blacklist\u0027",
"id": "CVE-2012-5610",
"lastModified": "2024-11-21T01:44:57.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-18T01:55:07.507",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://owncloud.org/changelog/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-005/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51357"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/owncloud/core/commit/3cd416b667"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/4b86c43"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/owncloud/core/commit/6540c0fc63"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/f599267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/owncloud/core/commit/3cd416b667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/4b86c43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/owncloud/core/commit/6540c0fc63"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/f599267"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:05
Severity ?
Summary
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| phpexcel_project | phpexcel | * | |
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| phpexcel_project | phpexcel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpexcel_project:phpexcel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F54EA98-9036-41FD-B69C-8B2FA7D07E3B",
"versionEndIncluding": "1.7.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:a:*:*:*:*:*:*",
"matchCriteriaId": "CF8A525D-F052-449B-AFD8-DC6A956D30D9",
"versionEndIncluding": "5.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpexcel_project:phpexcel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F54EA98-9036-41FD-B69C-8B2FA7D07E3B",
"versionEndIncluding": "1.7.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
},
{
"lang": "es",
"value": "PHPExcel anterior a 1.8.0, utilizado en ownCloud Server anterior a 5.0.15 y 6.0.x anterior a 6.0.2, no deshabilita la carga de entidades externas en libxml, lo que permite a atacantes remotos leer archivos arbitrarios, causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto a trav\u00e9s de un ataque de entidad externa XML (XXE)."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/611.html\n\n\"CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\"",
"id": "CVE-2014-2054",
"lastModified": "2024-11-21T02:05:32.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-04T14:55:03.983",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-08 21:59
Modified
2024-11-21 02:46
Severity ?
Summary
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 8.0.0 | |
| owncloud | owncloud | 8.0.2 | |
| owncloud | owncloud | 8.0.3 | |
| owncloud | owncloud | 8.0.4 | |
| owncloud | owncloud | 8.0.5 | |
| owncloud | owncloud | 8.0.6 | |
| owncloud | owncloud | 8.0.8 | |
| owncloud | owncloud | 8.0.9 | |
| owncloud | owncloud | 8.1.0 | |
| owncloud | owncloud | 8.1.1 | |
| owncloud | owncloud | 8.1.3 | |
| owncloud | owncloud | 8.1.4 | |
| owncloud | owncloud | 8.2.0 | |
| owncloud | owncloud | 8.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED68463-3D2F-4227-8202-BE10AE025374",
"versionEndIncluding": "7.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C45645-3A99-4E08-952A-EEBFE35AC70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD0FA9-F12F-46A2-90F4-B48310A7ED0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C18316B-E0DF-4693-AD3A-8C923965931B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66A3C5DA-52BA-4B86-A7A1-BEAE730E80E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "453D8D0E-B385-4A8F-9D01-CDE38E6C1D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE3AB7D-04F1-4F0B-BFFE-4260C8E13A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "259D042F-CB8A-434C-9923-E50E92F3129F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D2784965-324F-4455-97DC-7183DE7A4293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "644C5331-A967-497D-A7ED-919F5988C8E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB456E3-CFF6-4378-9341-74B244DD042E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C2439520-80AD-45E9-8551-2C0C7A2C6F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC29D1D1-03EC-48B0-B917-F4E2C6FD3906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49E9C5BC-A6BA-4919-9934-BFAA915CC042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34AF5397-3B98-431B-B235-424A3B6BEFAC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the \"file_versions\" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with \".v\" and belonging to a sharing user by leveraging an incoming share."
},
{
"lang": "es",
"value": "ownCloud Server en versiones anteriores a 7.0.12, 8.0.x en versiones anteriores a 8.0.10, 8.1.x en versiones anteriores a 8.1.5 y 8.2.x en versiones anteriores a 8.2.2, cuando la aplicaci\u00f3n \"file_versions\" est\u00e1 habilitada, no comprueba adecuadamente el valor de retorno de getOwner, lo que permite a usuarios remotos autenticados leer los archivos con nombres que comienzan con \".v\" y pertenecen a un usario compartiendo mediante el aprovechamiento de una compartici\u00f3n entrante."
}
],
"id": "CVE-2016-1500",
"lastModified": "2024-11-21T02:46:33.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-08T21:59:08.890",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-003"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2024-11-21 02:55
Severity ?
Summary
ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96BD1853-3059-4C6F-BDC5-4E6760403C2C",
"versionEndIncluding": "8.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25185B4F-623B-45F5-97C3-A520C96B6CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F31B84D-7A81-426C-8C91-BF86087ED657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8CF3111-74DA-4644-9318-4D5CC6FBD1CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request."
},
{
"lang": "es",
"value": "ownCloud server en versiones anteriores a 8.2.6 y 9.x en versiones anteriores a 9.0.3, cuando la aplicaci\u00f3n de galer\u00eda est\u00e1 habilitada, permite a atacantes remotos descargar im\u00e1genes arbitrarias a trav\u00e9s de una solicitud directa."
}
],
"id": "CVE-2016-5876",
"lastModified": "2024-11-21T02:55:10.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T21:59:01.860",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95861"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-010"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-04 18:59
Modified
2024-11-21 02:20
Severity ?
Summary
The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.15 | |
| owncloud | owncloud | 5.0.16 | |
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| owncloud | owncloud | 6.0.2 | |
| owncloud | owncloud | 6.0.3 | |
| owncloud | owncloud | 6.0.4 | |
| owncloud | owncloud | 6.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1258D6F1-DB48-4C47-AE81-F3E4FC79F6C4",
"versionEndIncluding": "5.0.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*",
"matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "35B4DF76-DD0D-4635-B26E-033542F26684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A92D0B1D-1AEE-4098-AD25-42D3FD839F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96C89F7E-F835-4DA3-9506-70545DD95834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE53A52-6BEB-47E8-A1BE-A094B4B066DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CD65CEF7-238A-4F0E-9203-3C9EB0DECF14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password."
},
{
"lang": "es",
"value": "El backend de FTP en user_external en ownCloud Server anterior a 5.0.18 y 6.x anterior a 6.0.6 permite a atacantes remotos evadir los requisitos de la autenticaci\u00f3n a trav\u00e9s de una contrase\u00f1a manipulada."
}
],
"id": "CVE-2014-9045",
"lastModified": "2024-11-21T02:20:09.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-04T18:59:05.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-022"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-19 07:15
Modified
2024-11-21 04:55
Severity ?
Summary
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=44 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://owncloud.com/security-advisories/public-link-password-bypass-via-image-previews/ | Vendor Advisory | |
| cve@mitre.org | https://owncloud.org/changelog/server/ | Product, Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=44 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.com/security-advisories/public-link-password-bypass-via-image-previews/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/changelog/server/ | Product, Release Notes |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27FAF650-B449-4EF0-BA23-F36C3D2E7DC8",
"versionEndExcluding": "10.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en ownCloud versiones anteriores a 10.4.\u0026#xa0;Un atacante puede omitir la autenticaci\u00f3n en una imagen protegida por contrase\u00f1a al mostrar su vista previa"
}
],
"id": "CVE-2020-10254",
"lastModified": "2024-11-21T04:55:04.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-19T07:15:13.340",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.hacktivesecurity.com/index.php?controller=post\u0026action=view\u0026id_post=44"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/public-link-password-bypass-via-image-previews/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
],
"url": "https://owncloud.org/changelog/server/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.hacktivesecurity.com/index.php?controller=post\u0026action=view\u0026id_post=44"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/public-link-password-bypass-via-image-previews/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Release Notes"
],
"url": "https://owncloud.org/changelog/server/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| owncloud | owncloud | * | |
| owncloud | owncloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3F368-B854-430E-AB8F-496675C4E210",
"versionEndExcluding": "9.0.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5FD87EC-3ADE-457D-8397-6CD89D300ADF",
"versionEndIncluding": "10.0.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8CCC5C-D019-4A80-BD8D-3914BFFC60C0",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E9501A9-E507-4A81-954B-D6D3223EE2F8",
"versionEndExcluding": "9.1.2",
"versionStartIncluding": "9.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information."
},
{
"lang": "es",
"value": "Nextcloud Server en versiones anteriores a 9.0.54 and 10.0.1 y ownCloud Server en versiones anteriores a 9.0.6 y 9.1.2 sufren de contenido de suplantaci\u00f3n en la aplicaci\u00f3n dav. El mensaje de excepci\u00f3n que se muestra en los puntos finales DAV conten\u00eda una entrada parcialmente controlable por el usuario que conduc\u00eda a una posible representaci\u00f3n err\u00f3nea de la informaci\u00f3n."
}
],
"id": "CVE-2016-9468",
"lastModified": "2024-11-21T03:01:16.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:01.200",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/149798"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-011"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/149798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-021"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-451"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| owncloud | owncloud | 6.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA20301-F66D-40C3-8E61-D37867C54429",
"versionEndIncluding": "5.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*",
"matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en los componentes (1) Gallery y (2) Core en ownCloud Server anterior a 5.016 y 6.0.x anterior a 6.0.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, posiblemente relacionado con la funci\u00f3n print_unescaped."
}
],
"id": "CVE-2014-3833",
"lastModified": "2024-11-21T02:08:56.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-04T14:55:04.560",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-010"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-22 19:15
Modified
2024-11-21 01:47
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/81478 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/81478 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F128DCE0-DBF3-4CD3-B091-6CC06616D786",
"versionEndIncluding": "4.0.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7C6BAE9-FABC-4840-986B-73FD3423212B",
"versionEndIncluding": "4.5.5",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en ownCloud versiones 4.5.5, 4.0.10 y anteriores, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de los (1) par\u00e1metros no especificados en el archivo apps/calendar/ajax/event/new.php o (2) par\u00e1metro url en el archivo apps/bookmarks/ajax/addBookmark.php."
}
],
"id": "CVE-2013-0203",
"lastModified": "2024-11-21T01:47:03.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-22T19:15:11.373",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81478"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 20:15
Modified
2024-11-21 06:12
Severity ?
Summary
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://doc.owncloud.com/server/admin_manual/release_notes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://owncloud.com/security-advisories/cve-2021-35948/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doc.owncloud.com/server/admin_manual/release_notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.com/security-advisories/cve-2021-35948/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FC02BD9-2D82-4932-A05B-16064EFB5B74",
"versionEndExcluding": "10.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie."
},
{
"lang": "es",
"value": "Una fijaci\u00f3n de la sesi\u00f3n en enlaces p\u00fablicos protegidos por contrase\u00f1a en el servidor ownCloud versiones anteriores a 10.8.0, permite a un atacante omitir la protecci\u00f3n por contrase\u00f1a cuando puede forzar a un cliente objetivo a usar una cookie controlada"
}
],
"id": "CVE-2021-35948",
"lastModified": "2024-11-21T06:12:48.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T20:15:07.720",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35948/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35948/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-17 21:29
Modified
2024-11-21 03:35
Severity ?
Summary
Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/99322 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://owncloud.org/security/advisory/?id=oc-sa-2017-007 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99322 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisory/?id=oc-sa-2017-007 | Broken Link, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5EBF784-F3A9-49C5-9F81-26E9EA30FE94",
"versionEndExcluding": "8.2.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07198AE4-DE06-4CA0-B587-9A3EBF86EFDE",
"versionEndExcluding": "9.0.10",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC3E2BC-FC00-419B-A9CF-54C7020A7F23",
"versionEndExcluding": "9.1.6",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2405B337-B1FA-4CB0-87DE-DBD63558A80E",
"versionEndExcluding": "10.0.2",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue."
},
{
"lang": "es",
"value": "Un escape inadecuado conlleva a una vulnerabilidad de tipo XSS en el m\u00f3dulo de b\u00fasqueda en ownCloud Server anterior a versi\u00f3n 8.2.12, versi\u00f3n 9.0.x anterior a 9.0.10, versi\u00f3n 9.1.x anterior a 9.1.6 y versi\u00f3n 10.0.x anterior a 10.0.2. Para poder ser explotada, un usuario tiene que escribir o pegar contenido malicioso en el cuadro de di\u00e1logo de b\u00fasqueda."
}
],
"id": "CVE-2017-9338",
"lastModified": "2024-11-21T03:35:51.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-17T21:29:00.603",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99322"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-007"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8288B81D-CA35-46EB-A7E7-B60B193E3F81",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8CCC5C-D019-4A80-BD8D-3914BFFC60C0",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E9501A9-E507-4A81-954B-D6D3223EE2F8",
"versionEndExcluding": "9.1.2",
"versionStartIncluding": "9.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack."
},
{
"lang": "es",
"value": "Nextcloud Server en versiones anteriores a 10.0.1 y ownCloud Server en versiones anteriores a 9.0.6 y 9.1.2 sufren de XSS almacenado en la exportaci\u00f3n de im\u00e1genes CardDAV. La funcionalidad de exportaci\u00f3n de im\u00e1genes CardDAV implementada en Nextcloud/ownCloud permite descargar im\u00e1genes almacenadas dentro de una vCard. Debido a que no realiza ning\u00fan tipo de verificaci\u00f3n en el contenido de la imagen, esto es propenso a un ataque de secuencias de comandos entre sitios."
}
],
"id": "CVE-2016-9465",
"lastModified": "2024-11-21T03:01:16.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:01.043",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/163338"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-008"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/163338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-018"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 15:55
Modified
2024-11-21 01:47
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 | |
| owncloud | owncloud | * | |
| owncloud | owncloud | 3.0.0 | |
| owncloud | owncloud | 3.0.1 | |
| owncloud | owncloud | 3.0.2 | |
| owncloud | owncloud | 3.0.3 | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5861C327-743A-41DF-8326-1696620194D3",
"versionEndIncluding": "4.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.7 permiten a administradores remotos autenticados inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) site_name o (2) site_url hacia apps/external/ajax/setsites.php."
}
],
"id": "CVE-2013-0297",
"lastModified": "2024-11-21T01:47:15.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T15:55:05.387",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 01:43
Severity ?
Summary
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1396EB21-CE64-4EA7-8212-E3F86D7E3C8A",
"versionEndIncluding": "4.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en ownCloud Server anterior a 4.0.8 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de divisi\u00f3n de respuestas HTTP a trav\u00e9s del par\u00e1metro url path."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/93.html\n\n\"CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\"",
"id": "CVE-2012-5057",
"lastModified": "2024-11-21T01:43:56.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-04T14:55:03.513",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5057/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5057/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | nextcloud_server | * | |
| owncloud | owncloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC479D9A-DAEB-42B6-98D7-0A417B34359D",
"versionEndExcluding": "9.0.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FAD2663-CE0E-4AB0-90C5-D47124458AAC",
"versionEndExcluding": "9.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed."
},
{
"lang": "es",
"value": "Nextcloud Server en versiones anteriores a 9.0.52 \u0026 ownCloud Server en versiones anteriores a 9.0.4 son vulnerables a una vulnerabilidad de contaminaci\u00f3n de registro que potencialmente conduce a una XSS local. La funcionalidad de registro de descarga en la pantalla de administraci\u00f3n proporciona el registro en formato JSON al usuario final. El archivo se entreg\u00f3 con una disposici\u00f3n de adjuntos forzando al navegador a descargar el documento. Sin embargo, Firefox que funciona en Microsoft Windows ofrecer\u00eda al usuario abrir los datos en el navegador como documento HTML. As\u00ed, cualquier dato inyectado en el registro ser\u00eda ejecutado."
}
],
"id": "CVE-2016-9459",
"lastModified": "2024-11-21T03:01:15.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.730",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97284"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/044ee072a647636b1a17c89265c7233b35371335"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/b7fa2c5dc945b40bc6ed0a9a0e47c282ebf043e1"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/efa35d621dc7ff975468e636a5d1c153511296dc"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/146278"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-002"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory?id=oc-sa-2016-012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/044ee072a647636b1a17c89265c7233b35371335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/b7fa2c5dc945b40bc6ed0a9a0e47c282ebf043e1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/efa35d621dc7ff975468e636a5d1c153511296dc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/146278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory?id=oc-sa-2016-012"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-08 21:59
Modified
2024-11-21 02:46
Severity ?
Summary
ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D08C7DB-3F02-4382-9867-0F5EB4F0F237",
"versionEndIncluding": "8.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "644C5331-A967-497D-A7ED-919F5988C8E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB456E3-CFF6-4378-9341-74B244DD042E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C2439520-80AD-45E9-8551-2C0C7A2C6F3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages."
},
{
"lang": "es",
"value": "ownCloud Server en versiones anteriores a 8.0.9 y 8.1.x en versiones anteriores a 8.1.4 permiten a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados, lo que revela la ruta de instalaci\u00f3n en los mensajes de excepci\u00f3n resultantes."
}
],
"id": "CVE-2016-1501",
"lastModified": "2024-11-21T02:46:34.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-08T21:59:09.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-004"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-20 21:29
Modified
2024-11-21 02:04
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91CD8DA9-3FD0-49F9-BB8F-33B09A0DDEB7",
"versionEndExcluding": "6.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en ownCloud en versiones anteriores a la 6.0.1 permite que atacantes remotos autenticados inyecten scripts web o HTLM arbitrarios mediante el nombre de archivo de un archivo subido."
}
],
"id": "CVE-2014-1665",
"lastModified": "2024-11-21T02:04:47.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-20T21:29:00.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65457"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91012"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/125086"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/31427/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/125086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/31427/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-09 19:15
Modified
2024-11-21 05:23
Severity ?
Summary
The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D8D0EB-7183-44B3-9C7C-28AC797EFA12",
"versionEndExcluding": "10.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version \u003c 10.6."
},
{
"lang": "es",
"value": "Una comprobaci\u00f3n del token CSRF (Cross Site Request Forgery) se implement\u00f3 inapropiadamente en unas peticiones autenticadas por cookies en algunos endpoints de la API ocs.\u0026#xa0;Esto afecta a ownCloud/core versi\u00f3n anterior a 10.6"
}
],
"id": "CVE-2020-28644",
"lastModified": "2024-11-21T05:23:05.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-09T19:15:13.630",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cross-site-request-forgery-in-the-ocs-api/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cross-site-request-forgery-in-the-ocs-api/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:42
Severity ?
Summary
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5EB081-BE10-49B1-8A91-3EC70F6DC6AE",
"versionEndIncluding": "4.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file."
},
{
"lang": "es",
"value": "Vulnerabilidad de incompatibilidad en lib/migrate.php en ownCloud anterior a v4.0.7 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la carga de un archivo .htaccess en un archivo import.zip y el acceso a un archivo PHP cargado."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html\r\n\r\n\u0027CWE-184: Incomplete Blacklist\u0027",
"id": "CVE-2012-4389",
"lastModified": "2024-11-21T01:42:47.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-05T23:55:02.757",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-07 20:15
Modified
2024-11-21 06:12
Severity ?
Summary
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://doc.owncloud.com/server/admin_manual/release_notes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://owncloud.com/security-advisories/cve-2021-35946/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doc.owncloud.com/server/admin_manual/release_notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.com/security-advisories/cve-2021-35946/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FC02BD9-2D82-4932-A05B-16064EFB5B74",
"versionEndExcluding": "10.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions."
},
{
"lang": "es",
"value": "Un receptor de un recurso compartido federado con acceso a la base de datos con ownCloud versiones anteriores a 10.8, podr\u00eda actualizar los permisos y, por tanto, elevar sus propios permisos"
}
],
"id": "CVE-2021-35946",
"lastModified": "2024-11-21T06:12:48.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T20:15:07.673",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35946/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35946/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-06 23:55
Modified
2024-11-21 02:05
Severity ?
Summary
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 3.0.0 | |
| owncloud | owncloud | 3.0.1 | |
| owncloud | owncloud | 3.0.2 | |
| owncloud | owncloud | 3.0.3 | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 | |
| owncloud | owncloud | 4.0.11 | |
| owncloud | owncloud | 4.0.12 | |
| owncloud | owncloud | 4.0.13 | |
| owncloud | owncloud | 4.0.14 | |
| owncloud | owncloud | 4.0.15 | |
| owncloud | owncloud | 4.0.16 | |
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 | |
| owncloud | owncloud | 4.5.7 | |
| owncloud | owncloud | 4.5.8 | |
| owncloud | owncloud | 4.5.9 | |
| owncloud | owncloud | 4.5.10 | |
| owncloud | owncloud | 4.5.11 | |
| owncloud | owncloud | 4.5.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E00A66E-D01C-4452-9191-CC9E2FC4FDB9",
"versionEndIncluding": "4.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D4011972-8C9A-47DA-B7E1-BC1951AEC51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "59C62AA4-A398-4D20-B0D4-18437027AE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "74FD954F-460F-42F0-A8B2-EC46710E3C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0C079E-48B7-4266-A343-D555C0ECD611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7B48E86B-7685-4EB0-9172-492842DEEE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A670DD33-A604-4BD4-8235-4500B05F518E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E1583C4C-6501-48ED-BF31-AFCF38C5D59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04C004-0238-424A-8364-9ED780850DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "79736879-F5A3-4769-862F-531BDDC946B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1754FC-6F84-43F0-89E0-596A05B6E42D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en ajax/upload.php en ownCloud anterior a 5.0, cuando funciona en Windows, permite a usuarios remotos autenticados evadir las restricciones de acceso, subir ficheros con nombres arbitrarios y ejecutar c\u00f3digo arbitrario a trav\u00e9s de una sintaxis Alternate Data Stream (ADS) en el par\u00e1metro filename, tal y como fue demostrado al utilizar .htaccess::$DATA para subir un programa PHP."
}
],
"id": "CVE-2014-2044",
"lastModified": "2024-11-21T02:05:31.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-06T23:55:08.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Mar/45"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/57267"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32162"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/104082"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/531365/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/66000"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91757"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Mar/45"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/57267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/32162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/104082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/531365/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-04 18:59
Modified
2024-11-21 02:20
Severity ?
Summary
Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack."
},
{
"lang": "es",
"value": "Asset Pipeline en ownCloud 7.x anterior a 7.0.3 utiliza un hash de MD5 de las rutas de ficheros absolutas de los ficheros originales de CSS y JS como el nombre del fichero concatenado, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2014-9044",
"lastModified": "2024-11-21T02:20:09.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-04T18:59:04.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-021"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-18 17:02
Modified
2024-11-21 01:47
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F128DCE0-DBF3-4CD3-B091-6CC06616D786",
"versionEndIncluding": "4.0.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en ownCloud 4.5.5, 4.0.10 y versiones anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de la (1) QUERY_STRING a core/lostpassword/templates/resetpassword.php, (2) par\u00e1metro mime a apps/files/ajax/mimeicon.php o (3) par\u00e1metro token a apps/gallery/sharing.php"
}
],
"id": "CVE-2013-0201",
"lastModified": "2024-11-21T01:47:03.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-18T17:02:50.310",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/89505"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/89506"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/89511"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-001"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81475"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/4e2b834"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/b8e0309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/89505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/89506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/89511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/4e2b834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/b8e0309"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A84375DC-237B-4100-99EB-1EA524B6D08E",
"versionEndIncluding": "6.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors."
},
{
"lang": "es",
"value": "ownCloud Server anterior a 6.0.3 no comprueba debidamente permisos, lo que permite a usuarios remotos autenticados (1) acceder a los contactos de otros usuarios a trav\u00e9s del libro de direcciones o (2) renombrar archivos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3834",
"lastModified": "2024-11-21T02:08:57.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-04T14:55:04.637",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-011/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-011/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-013/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-17 21:29
Modified
2024-11-21 03:34
Severity ?
Summary
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/99321 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://hackerone.com/reports/215410 | Third Party Advisory | |
| cve@mitre.org | https://owncloud.org/security/advisory/?id=oc-sa-2017-004 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99321 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/215410 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisory/?id=oc-sa-2017-004 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6540BB0-D15D-4E2F-A1C6-89BD41B51F89",
"versionEndIncluding": "8.2.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B54771-D38B-46A3-8F5B-D34140E6967F",
"versionEndIncluding": "9.0.9",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B28E556F-FE12-4349-BE74-978CC3C2C296",
"versionEndIncluding": "9.1.5",
"versionStartExcluding": "9.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2405B337-B1FA-4CB0-87DE-DBD63558A80E",
"versionEndExcluding": "10.0.2",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters."
},
{
"lang": "es",
"value": "OwnCloud Server anterior a versi\u00f3n 8.2.12, versi\u00f3n 9.0.x anterior a 9.0.10, versi\u00f3n 9.1.x anterior a 9.1.6 y versi\u00f3n 10.0.x anterior a 10.0.2, son vulnerables a un problema de tipo XSS en p\u00e1ginas de error mediante la inyecci\u00f3n de c\u00f3digo en los par\u00e1metros URL."
}
],
"id": "CVE-2017-8896",
"lastModified": "2024-11-21T03:34:55.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-17T21:29:00.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99321"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/215410"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/215410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-004"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 13:15
Modified
2024-11-21 06:01
Severity ?
Summary
ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://doc.owncloud.com/server/admin_manual/release_notes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://owncloud.com/security-advisories/cve-2021-29659/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://doc.owncloud.com/server/admin_manual/release_notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.com/security-advisories/cve-2021-29659/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:10.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "FE1F2F72-315E-4F05-8CF6-093A9B9A9696",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance."
},
{
"lang": "es",
"value": "ownCloud versi\u00f3n 10.7, presenta una vulnerabilidad de control de acceso incorrecto, conllevando a una divulgaci\u00f3n de informaci\u00f3n remota.\u0026#xa0;Debido a un bug en el endpoint de la API relacionada, el atacante puede enumerar a todos los usuarios en una sola petici\u00f3n al ingresar tres espacios en blanco.\u0026#xa0;En segundo lugar, la recuperaci\u00f3n de todos los usuarios en una instancia grande podr\u00eda causar una carga superior a la media en la instancia"
}
],
"id": "CVE-2021-29659",
"lastModified": "2024-11-21T06:01:35.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T13:15:07.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2021-29659/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2021-29659/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-11 16:15
Modified
2024-11-21 02:05
Severity ?
Summary
Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://owncloud.org/about/security/advisories/oC-SA-2014-006/ | Vendor Advisory | |
| cve@mitre.org | https://owncloud.org/security/advisories/xxe-multiple-third-party-components/ | Vendor Advisory | |
| cve@mitre.org | https://www.securityfocus.com/bid/66222 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2014-006/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisories/xxe-multiple-third-party-components/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.securityfocus.com/bid/66222 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "266B14BE-B8FA-4C64-8603-A733EA0E58B1",
"versionEndExcluding": "5.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF2936C-CCA8-4FD9-A64A-C8CE1A9A0021",
"versionEndExcluding": "6.0.2",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
},
{
"lang": "es",
"value": "Zend Framework, como es usado en ownCloud Server versiones anteriores a 5.0.15 y versiones 6.0.x anteriores a 6.0.2, permite a atacantes remotos leer archivos arbitrarios, causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto por medio de un ataque de tipo XML External Entity (XXE)."
}
],
"id": "CVE-2014-2052",
"lastModified": "2024-11-21T02:05:32.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-11T16:15:12.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisories/xxe-multiple-third-party-components/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/66222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisories/xxe-multiple-third-party-components/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/66222"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-04 18:59
Modified
2024-11-21 02:20
Severity ?
Summary
The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.15 | |
| owncloud | owncloud | 5.0.16 | |
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| owncloud | owncloud | 6.0.2 | |
| owncloud | owncloud | 6.0.3 | |
| owncloud | owncloud | 6.0.4 | |
| owncloud | owncloud | 6.0.5 | |
| owncloud | owncloud | 7.0.0 | |
| owncloud | owncloud | 7.0.1 | |
| owncloud | owncloud | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1258D6F1-DB48-4C47-AE81-F3E4FC79F6C4",
"versionEndIncluding": "5.0.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*",
"matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "35B4DF76-DD0D-4635-B26E-033542F26684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A92D0B1D-1AEE-4098-AD25-42D3FD839F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96C89F7E-F835-4DA3-9506-70545DD95834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE53A52-6BEB-47E8-A1BE-A094B4B066DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CD65CEF7-238A-4F0E-9203-3C9EB0DECF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol."
},
{
"lang": "es",
"value": "La funci\u00f3n OC_Util::getUrlContent en ownCloud Server anterior a 5.0.18, 6.x anterior a 6.0.6, y 7.x anterior a 7.0.3 permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de un protocolo file://."
}
],
"id": "CVE-2014-9046",
"lastModified": "2024-11-21T02:20:09.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-04T18:59:06.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-023"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-09 13:16
Modified
2024-11-21 01:50
Severity ?
Summary
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en lib/db.php en ownCloud Server 5.0.x anterior a 5.0.6 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-2045",
"lastModified": "2024-11-21T01:50:55.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-09T13:16:56.257",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/93384"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-019"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2013/q2/324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/93384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q2/324"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-05 15:44
Modified
2024-11-21 02:05
Severity ?
Summary
ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://owncloud.org/about/security/advisories/oC-SA-2014-005/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2014-005/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:a:*:*:*:*:*:*",
"matchCriteriaId": "CF8A525D-F052-449B-AFD8-DC6A956D30D9",
"versionEndIncluding": "5.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a \"login query.\""
},
{
"lang": "es",
"value": "ownCloud Server anterior a 5.0.15 y 6.0.x anterior a 6.0.2 permite a atacantes remotos realizar un ataque de inyecci\u00f3n LDAP a trav\u00e9s de vectores no especificados, tal y como fue demostrado utilizando una \u0027consulta de inicio de sesi\u00f3n.\u0027"
}
],
"id": "CVE-2014-2051",
"lastModified": "2024-11-21T02:05:32.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-05T15:44:07.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-005/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://owncloud.org/about/security/advisories/oC-SA-2013-028/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2013-028/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | * | |
| owncloud | owncloud | 3.0.0 | |
| owncloud | owncloud | 3.0.1 | |
| owncloud | owncloud | 3.0.2 | |
| owncloud | owncloud | 3.0.3 | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 | |
| owncloud | owncloud | 4.0.11 | |
| owncloud | owncloud | 4.0.12 | |
| owncloud | owncloud | 4.0.13 | |
| owncloud | owncloud | 4.0.14 | |
| owncloud | owncloud | 4.0.15 | |
| owncloud | owncloud | 4.0.16 | |
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 | |
| owncloud | owncloud | 4.5.7 | |
| owncloud | owncloud | 4.5.8 | |
| owncloud | owncloud | 4.5.9 | |
| owncloud | owncloud | 4.5.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "587E03C2-2248-4D2C-AAC8-78B09366B411",
"versionEndIncluding": "4.5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D4011972-8C9A-47DA-B7E1-BC1951AEC51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "59C62AA4-A398-4D20-B0D4-18437027AE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "74FD954F-460F-42F0-A8B2-EC46710E3C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0C079E-48B7-4266-A343-D555C0ECD611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7B48E86B-7685-4EB0-9172-492842DEEE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A670DD33-A604-4BD4-8235-4500B05F518E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E1583C4C-6501-48ED-BF31-AFCF38C5D59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04C004-0238-424A-8364-9ED780850DC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en js/viewer.js en ownCloud anterior a 4.5.12 y 5.x anterior a 5.0.7 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores relacionados con archivos compartidos."
}
],
"evaluatorComment": "Per: http://owncloud.org/about/security/advisories/oC-SA-2013-028/\n\n\"Cross-site scripting (XSS) vulnerabilities in js/viewer.js inside the files_videoviewer application via multiple unspecified vectors in all ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated remote attackers to inject arbitrary web script or HTML via shared files. (CVE-2013-2150)\"",
"id": "CVE-2013-2150",
"lastModified": "2024-11-21T01:51:08.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T16:55:05.567",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-028/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-028/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-19 07:15
Modified
2024-11-21 04:55
Severity ?
Summary
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=44 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://owncloud.com/security-advisories/ssrf-in-add-to-your-owncloud-functionality/ | Vendor Advisory | |
| cve@mitre.org | https://owncloud.org/changelog/server/ | Product, Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=44 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.com/security-advisories/ssrf-in-add-to-your-owncloud-functionality/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/changelog/server/ | Product, Release Notes |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27FAF650-B449-4EF0-BA23-F36C3D2E7DC8",
"versionEndExcluding": "10.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en ownCloud versiones anteriores a 10.4.\u0026#xa0;Debido a un problema de tipo SSRF (por medio del par\u00e1metro remoto apps/files_sharing/external), un atacante autenticado puede interactuar con los servicios locales a ciegas (tambi\u00e9n se conoce como Blind SSRF) o conducir un ataque de denegaci\u00f3n de servicio"
}
],
"id": "CVE-2020-10252",
"lastModified": "2024-11-21T04:55:04.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-19T07:15:13.263",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.hacktivesecurity.com/index.php?controller=post\u0026action=view\u0026id_post=44"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/ssrf-in-add-to-your-owncloud-functionality/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
],
"url": "https://owncloud.org/changelog/server/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.hacktivesecurity.com/index.php?controller=post\u0026action=view\u0026id_post=44"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/ssrf-in-add-to-your-owncloud-functionality/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Release Notes"
],
"url": "https://owncloud.org/changelog/server/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-19 08:15
Modified
2024-11-21 05:29
Severity ?
3.9 (Low) - CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:android:*:*",
"matchCriteriaId": "3D4EB34D-C2BC-41EC-AA21-21010B27ADF5",
"versionEndExcluding": "2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n ownCloud versiones anteriores a 2.15 para Android, permite a atacantes usar adb para incluir un valor de preferencias de PIN en un archivo de respaldo y, en consecuencia, omitir la funcionalidad de bloqueo de PIN mediante la restauraci\u00f3n de este archivo"
}
],
"id": "CVE-2020-36248",
"lastModified": "2024-11-21T05:29:09.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-19T08:15:11.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/bypassing-app-lock-pattern-passcode-fingerprint-lock-android-oc-sa-2020-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/bypassing-app-lock-pattern-passcode-fingerprint-lock-android-oc-sa-2020-003/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://owncloud.org/about/security/advisories/oC-SA-2013-020/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2013-020/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 | |
| owncloud | owncloud | 4.0.11 | |
| owncloud | owncloud | 4.0.12 | |
| owncloud | owncloud | 4.0.13 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 | |
| owncloud | owncloud | 4.5.7 | |
| owncloud | owncloud | 4.5.8 | |
| owncloud | owncloud | 4.5.9 | |
| owncloud | owncloud | 4.5.10 | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "141A8FE4-BFA1-4135-A3C9-9B038C08EA2B",
"versionEndIncluding": "4.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D4011972-8C9A-47DA-B7E1-BC1951AEC51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "59C62AA4-A398-4D20-B0D4-18437027AE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "74FD954F-460F-42F0-A8B2-EC46710E3C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E1583C4C-6501-48ED-BF31-AFCF38C5D59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04C004-0238-424A-8364-9ED780850DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en lib/files/view.php en ownCloud anterior a 4.0.15, 4.5.x 4.5.11 y 5.x anterior a 5.0.6 permite a usuarios remotos autenticados acceder a archivos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-2039",
"lastModified": "2024-11-21T01:50:54.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:05.007",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-020/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://owncloud.org/about/security/advisories/oC-SA-2013-021/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2013-021/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 | |
| owncloud | owncloud | 4.0.11 | |
| owncloud | owncloud | 4.0.12 | |
| owncloud | owncloud | 4.0.13 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 | |
| owncloud | owncloud | 4.5.7 | |
| owncloud | owncloud | 4.5.8 | |
| owncloud | owncloud | 4.5.9 | |
| owncloud | owncloud | 4.5.10 | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "141A8FE4-BFA1-4135-A3C9-9B038C08EA2B",
"versionEndIncluding": "4.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D4011972-8C9A-47DA-B7E1-BC1951AEC51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "59C62AA4-A398-4D20-B0D4-18437027AE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "74FD954F-460F-42F0-A8B2-EC46710E3C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E1583C4C-6501-48ED-BF31-AFCF38C5D59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04C004-0238-424A-8364-9ED780850DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en ownCloud anterior a 4.0.15, 4.5.x anterior a 4.5.11 y 5.0.x anterior a 5.0.6 permiten a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-2040",
"lastModified": "2024-11-21T01:50:54.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:05.333",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-13 17:15
Modified
2024-11-21 07:47
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CE639FC3-71DA-4EAD-A4FD-8BA194C4583B",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0. "
},
{
"lang": "es",
"value": "La aplicaci\u00f3n ownCloud para Android permite a los usuarios de ownCloud acceder, compartir y editar archivos y carpetas. La versi\u00f3n 2.21.1 de la aplicaci\u00f3n ownCloud para Android es vulnerable a la inyecci\u00f3n SQL en `FileContentProvider.kt`. Este problema puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n. Dos bases de datos, `filelist` y `owncloud_database`, se ven afectadas. En la versi\u00f3n 3.0, la base de datos `filelist` qued\u00f3 obsoleta. Sin embargo, las inyecciones que afectan a `owncloud_database` siguen siendo relevantes a partir de la versi\u00f3n 3.0."
}
],
"id": "CVE-2023-23948",
"lastModified": "2024-11-21T07:47:09.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-13T17:15:11.347",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-09 19:15
Modified
2024-11-21 05:23
Severity ?
Summary
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D8D0EB-7183-44B3-9C7C-28AC797EFA12",
"versionEndExcluding": "10.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions \u003c 10.6."
},
{
"lang": "es",
"value": "Una eliminaci\u00f3n de usuarios con determinados nombres caus\u00f3 la eliminaci\u00f3n de archivos del sistema.\u0026#xa0;El riesgo es mayor para los sistemas que permiten a usuarios registrarse y tener el directorio de datos en la root web.\u0026#xa0;Esto afecta a versiones de ownCloud/core versiones anteriores a 10.6"
}
],
"id": "CVE-2020-28645",
"lastModified": "2024-11-21T05:23:05.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-09T19:15:13.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/missing-user-validation-leading-to-information-disclosure/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/missing-user-validation-leading-to-information-disclosure/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| owncloud | owncloud | * | |
| owncloud | owncloud | * | |
| owncloud | owncloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3F368-B854-430E-AB8F-496675C4E210",
"versionEndExcluding": "9.0.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8288B81D-CA35-46EB-A7E7-B60B193E3F81",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D681D54F-2420-4791-98D3-74E8A2E5F919",
"versionEndExcluding": "8.2.9",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E30105-E26E-4913-8597-66C1C4ABA11B",
"versionEndExcluding": "9.0.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E9501A9-E507-4A81-954B-D6D3223EE2F8",
"versionEndExcluding": "9.1.2",
"versionStartIncluding": "9.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you\u0027re not affected by this vulnerability."
},
{
"lang": "es",
"value": "Nextcloud Server en versiones anteriores a 9.0.54 y 10.0.1 y ownCloud Server en versiones anteirores a 9.1.2, 9.0.6 y 8.2.9 sufren de Bypass de autenticaci\u00f3n de usuario SMB. Nextcloud/ownCloud Incluye un componente de autenticaci\u00f3n SMB opcional y no predeterminado que permite autenticar a los usuarios en un servidor SMB. Este backend se implementa de una manera que intenta conectarse a un servidor SMB y si eso sucede considerar al usuario conectado. El backend no tom\u00f3 correctamente en cuenta los servidores SMB que tienen cualquier tipo de configuraci\u00f3n an\u00f3nima. Este es el valor predeterminado en los servidores SMB en la actualidad y permite a un atacante no autenticado acceder a una cuenta sin credenciales v\u00e1lidas. Nota: El servidor SMB est\u00e1 deshabilitado de forma predeterminada y requiere una configuraci\u00f3n manual en el archivo de configuraci\u00f3n Nextcloud/ownCloud. Si no has configurado el servidor SMB, no te ver\u00e1s afectado por esta vulnerabilidad."
}
],
"id": "CVE-2016-9463",
"lastModified": "2024-11-21T03:01:16.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.933",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/148151"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/148151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-303"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "438EB19E-E28C-47E6-B980-58E3EEA379EF",
"versionEndIncluding": "9.0.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC698542-23B9-4101-BD01-10D2FB0870E9",
"versionEndIncluding": "9.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user."
},
{
"lang": "es",
"value": "Nextcloud Server en versiones anteriores a 9.0.52 \u0026 ownCloud Server en versiones anteriores a 9.0.4 son vulnerables a un ataque de contenido falsificado en la aplicaci\u00f3n de archivos. La barra de ubicaci\u00f3n en la aplicaci\u00f3n de archivos no estaba verificando los par\u00e1metros pasados. Un atacante podr\u00eda manipular un enlace no v\u00e1lido a una estructura de directorio falsa y usar esto para mostrar un mensaje de error controlado por el atacante al usuario."
}
],
"id": "CVE-2016-9460",
"lastModified": "2024-11-21T03:01:15.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.793",
"references": [
{
"source": "support@hackerone.com",
"url": "http://www.securityfocus.com/bid/97282"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/145463"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/97282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/145463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-013"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-451"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| owncloud | owncloud | 6.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA20301-F66D-40C3-8E61-D37867C54429",
"versionEndIncluding": "5.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*",
"matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts."
},
{
"lang": "es",
"value": "ownCloud Server anterior a 5.0.16 y 6.0.x anterior a 6.0.3 no comprueba debidamente permisos, lo que permite a usuarios remotos autenticados leer los nombres de archivos de otros usuarios mediante el aprovechamiento de acceso a m\u00faltiples cuentas."
}
],
"id": "CVE-2014-3838",
"lastModified": "2024-11-21T02:08:57.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-04T14:55:04.903",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-016/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-016/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-03 15:59
Modified
2024-11-21 03:28
Severity ?
Summary
The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/96425 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://owncloud.org/security/advisory/?id=oc-sa-2017-001 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96425 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisory/?id=oc-sa-2017-001 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 8.2.2 | |
| owncloud | owncloud | 8.2.3 | |
| owncloud | owncloud | 8.2.4 | |
| owncloud | owncloud | 8.2.5 | |
| owncloud | owncloud | 8.2.6 | |
| owncloud | owncloud | 8.2.7 | |
| owncloud | owncloud | 8.2.8 | |
| owncloud | owncloud | 9.0.0 | |
| owncloud | owncloud | 9.0.1 | |
| owncloud | owncloud | 9.0.2 | |
| owncloud | owncloud | 9.0.3 | |
| owncloud | owncloud | 9.0.4 | |
| owncloud | owncloud | 9.0.5 | |
| owncloud | owncloud | 9.0.6 | |
| owncloud | owncloud | 9.1.0 | |
| owncloud | owncloud | 9.1.1 | |
| owncloud | owncloud | 9.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2EB67F-2620-434E-9AB5-45293C019F3F",
"versionEndIncluding": "8.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C35E22D-36A5-495B-8611-7C8B70064A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBDBB20-B519-4683-BB16-63A25AE53D7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "67AD973F-F06D-46C9-85EB-3521899A257B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8098FF20-D5EA-4F72-A837-0CE7B9761974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0930807A-BA26-4AFF-9B52-EC2EAF5A456D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F81CD71B-7D08-485B-9042-D4CE523FEE80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC26723-FE1F-4C1A-AF9C-901A1A7A4DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25185B4F-623B-45F5-97C3-A520C96B6CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F31B84D-7A81-426C-8C91-BF86087ED657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8CF3111-74DA-4644-9318-4D5CC6FBD1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D52C26E1-C1A1-4834-84C5-C4403E1734D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "377EE3A2-8105-4448-AB9E-C703513CA6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF1A811-E3EF-4A4A-8F7A-C3E5DBC24159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEB63FC-724C-4FA5-A998-4549A2460A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E74BD31-5BD3-40FE-93BA-CAE23DA681B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32D138CF-6623-4E1E-97DC-6DD96FE62C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "578DA4AF-C61B-4796-B5BF-89701D3FB8CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts."
},
{
"lang": "es",
"value": "La funcionalidad de reestablecimiento de contrase\u00f1a en ownCloud Server en versiones anteriores a 8.1.11, 8.2.x en versiones anteriores a 8.2.9, 9.0.x en versiones anteriores a 9.0.7 y 9.1.x en versiones anteriores a 9.1.3 env\u00eda diferentes mensajes de error dependiendo de si el nombre de usuario es v\u00e1lido, lo que permite a atacantes remotos enumerar nombres de usuario a trav\u00e9s de un gran n\u00famero de intentos de reestablecimiento de contrase\u00f1a."
}
],
"id": "CVE-2017-5865",
"lastModified": "2024-11-21T03:28:33.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-03T15:59:01.320",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96425"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-001"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 01:43
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1396EB21-CE64-4EA7-8212-E3F86D7E3C8A",
"versionEndIncluding": "4.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en ownCloud Server anterior a 4.0.8 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) el par\u00e1metro readyCallback hacia apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, (2) el par\u00e1metro root hacia apps/gallery/templates/index.php o (3) una consulta malformada hacia lib/db.php."
}
],
"id": "CVE-2012-5056",
"lastModified": "2024-11-21T01:43:56.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-04T14:55:03.450",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5056/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5056/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-19 07:15
Modified
2024-11-21 05:29
Severity ?
6.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:android:*:*",
"matchCriteriaId": "3D4EB34D-C2BC-41EC-AA21-21010B27ADF5",
"versionEndExcluding": "2.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past."
},
{
"lang": "es",
"value": "En la aplicaci\u00f3n ownCloud versiones anteriores a 2.15 para Android, el mecanismo de protecci\u00f3n de bloqueo puede ser omitido al mover la fecha y hora del sistema al pasado"
}
],
"id": "CVE-2020-36250",
"lastModified": "2024-11-21T05:29:09.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-19T07:15:13.590",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/security-lock-can-be-bypassed-by-changing-the-system-date/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/security-lock-can-be-bypassed-by-changing-the-system-date/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-17 21:29
Modified
2024-11-21 03:35
Severity ?
Summary
An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://hackerone.com/reports/166581 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://owncloud.org/security/advisory/?id=oc-sa-2017-006 | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/166581 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisory/?id=oc-sa-2017-006 | Broken Link, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3085407E-B978-4DB5-A2D2-0BC66562D474",
"versionEndExcluding": "10.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2."
},
{
"lang": "es",
"value": "Un atacante ha iniciado sesi\u00f3n como un usuario normal y de alguna manera puede hacer que el administrador elimine las carpetas compartidas en ownCloud Server anterior a versi\u00f3n 10.0.2."
}
],
"id": "CVE-2017-9340",
"lastModified": "2024-11-21T03:35:52.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-17T21:29:00.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/166581"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/166581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-006"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:51
Severity ?
Summary
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://owncloud.org/about/security/advisories/oC-SA-2013-026/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2013-026/ | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91C054D8-4161-4B1A-A7C2-BC9CF9C40FDC",
"versionEndIncluding": "5.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en ownCloud anterior a 5.0.6 permite a usuarios remotos autenticados ejecutar c\u00f3digo PHP arbitrario mediante la subida de un archivo manipulado y luego acceder a el a trav\u00e9s de una solicitud directa al archivo en /data."
}
],
"evaluatorComment": "Per: https://cwe.mitre.org/data/definitions/184.html\n\n\"CWE-184: Incomplete Blacklist\"",
"id": "CVE-2013-2089",
"lastModified": "2024-11-21T01:51:00.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:05.537",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-026/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-026/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 01:50
Severity ?
Summary
The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 | |
| owncloud | owncloud | 4.0.11 | |
| owncloud | owncloud | 4.0.12 | |
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 | |
| owncloud | owncloud | 4.5.7 | |
| owncloud | owncloud | 4.5.8 | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64BD26A8-FA49-4D50-A2AA-452B95D5A7A3",
"versionEndIncluding": "4.0.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D4011972-8C9A-47DA-B7E1-BC1951AEC51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "59C62AA4-A398-4D20-B0D4-18437027AE1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack."
},
{
"lang": "es",
"value": "La rutina de instalaci\u00f3n en ownCloud Server anterior a 4.0.14, 4.5.x anterior a 4.5.9 y 5.0.x anterior a 5.0.4 utiliza la funci\u00f3n de tiempo para inicializar la generaci\u00f3n de la contrase\u00f1a de usuario de la base de datos PostgreSQL, lo que facilita a atacantes remotos adivinar la contrase\u00f1a a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2013-1941",
"lastModified": "2024-11-21T01:50:43.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-04T14:55:03.733",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-015/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-07 15:15
Modified
2024-11-21 06:52
Severity ?
Summary
ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:android:*:*",
"matchCriteriaId": "E078E880-E85D-42B1-8D09-5B5E911EBA03",
"versionEndExcluding": "2.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers."
},
{
"lang": "es",
"value": "ownCloud owncloud/android versi\u00f3n 2.20, presenta un Control de Acceso Incorrecto para atacantes locales"
}
],
"id": "CVE-2022-25339",
"lastModified": "2024-11-21T06:52:02.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-07T15:15:07.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2022-25339/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2022-25339/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-04 18:59
Modified
2024-11-21 02:20
Severity ?
Summary
Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read arbitrary files via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.15 | |
| owncloud | owncloud | 5.0.16 | |
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| owncloud | owncloud | 6.0.2 | |
| owncloud | owncloud | 6.0.3 | |
| owncloud | owncloud | 6.0.4 | |
| owncloud | owncloud | 6.0.5 | |
| owncloud | owncloud | 7.0.0 | |
| owncloud | owncloud | 7.0.1 | |
| owncloud | owncloud | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1258D6F1-DB48-4C47-AE81-F3E4FC79F6C4",
"versionEndIncluding": "5.0.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*",
"matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "35B4DF76-DD0D-4635-B26E-033542F26684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A92D0B1D-1AEE-4098-AD25-42D3FD839F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96C89F7E-F835-4DA3-9506-70545DD95834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE53A52-6BEB-47E8-A1BE-A094B4B066DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CD65CEF7-238A-4F0E-9203-3C9EB0DECF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read arbitrary files via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en el sistema de previsualizaci\u00f3n en ownCloud 6.x anterior a 6.0.6 y 7.x anterior a 7.0.3 permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2014-9047",
"lastModified": "2024-11-21T02:20:10.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-04T18:59:07.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-026"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | nextcloud_server | * | |
| nextcloud | nextcloud_server | * | |
| owncloud | owncloud | * | |
| owncloud | owncloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3F368-B854-430E-AB8F-496675C4E210",
"versionEndExcluding": "9.0.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8288B81D-CA35-46EB-A7E7-B60B193E3F81",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8CCC5C-D019-4A80-BD8D-3914BFFC60C0",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E9501A9-E507-4A81-954B-D6D3223EE2F8",
"versionEndExcluding": "9.1.2",
"versionStartIncluding": "9.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user."
},
{
"lang": "es",
"value": "Nextcloud Server en versiones anteriores a 9.0.54 y 10.0.1y ownCloud Server en versiones anteriores a 9.0.6 y 9.1.2 sufren de contenido de suplantaci\u00f3n en la aplicaci\u00f3n de archivos. La barra de ubicaci\u00f3n en la aplicaci\u00f3n de archivos no estaba verificando los par\u00e1metros pasados. Un atacante podr\u00eda manipular un enlace no v\u00e1lido a una estructura de directorio falsa y usar esto para mostrar un mensaje de error controlado por el atacante al usuario."
}
],
"id": "CVE-2016-9467",
"lastModified": "2024-11-21T03:01:16.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:01.153",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/154827"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-010"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/154827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-020"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-451"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A84375DC-237B-4100-99EB-1EA524B6D08E",
"versionEndIncluding": "6.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en ownCloud Server anterior a 6.0.3 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios para solicitudes que (1) realizan ataques de XSS, (2) modifican archivos o (3) renombran archivos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3836",
"lastModified": "2024-11-21T02:08:57.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-04T14:55:04.763",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-014/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-014/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-29 20:59
Modified
2024-11-21 02:34
Severity ?
Summary
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://owncloud.org/security/advisory/?id=oc-sa-2015-013 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisory/?id=oc-sa-2015-013 | Broken Link, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "F80677C4-616C-44A3-AA94-BB69E4717496",
"versionEndExcluding": "3.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers."
},
{
"lang": "es",
"value": "Aplicaci\u00f3n ownCloud iOS en versiones anteriores a 3.4.4 no cambia adecuadamente el estado entre m\u00faltiples instancias, lo que permite a administradores remotos de instancias obtener informaci\u00f3n sensible de credencial y cookie mediante lectura de cabeceras de autenticaci\u00f3n."
}
],
"id": "CVE-2015-5955",
"lastModified": "2024-11-21T02:34:12.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-29T20:59:06.883",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-013"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 01:47
Severity ?
Summary
settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings."
},
{
"lang": "es",
"value": "settings/personal.php en ownCloud 4.5.x anterior a 4.5.6 permite a usuarios remotos autenticados ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de configuraciones de punto de montaje manipuladas."
}
],
"id": "CVE-2013-0204",
"lastModified": "2024-11-21T01:47:03.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-04T14:55:03.653",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-002/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 17:55
Modified
2024-11-21 01:47
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 3.0.0 | |
| owncloud | owncloud | 3.0.1 | |
| owncloud | owncloud | 3.0.2 | |
| owncloud | owncloud | 3.0.3 | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5861C327-743A-41DF-8326-1696620194D3",
"versionEndIncluding": "4.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en apps/calendar/ajax/settings/settimezone en ownCloud anterior a 4.0.12 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios para solicitudes que cambian la zona horaria a trav\u00e9s del par\u00e1metro timezone."
}
],
"id": "CVE-2013-0301",
"lastModified": "2024-11-21T01:47:15.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T17:55:06.983",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-26 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | 7.0.0 | |
| owncloud | owncloud | 7.0.1 | |
| owncloud | owncloud | 7.0.2 | |
| owncloud | owncloud | 7.0.3 | |
| owncloud | owncloud | 7.0.4 | |
| owncloud | owncloud | 7.0.5 | |
| owncloud | owncloud | 7.0.6 | |
| owncloud | owncloud | 7.0.7 | |
| owncloud | owncloud | 8.0.0 | |
| owncloud | owncloud | 8.0.2 | |
| owncloud | owncloud | 8.0.3 | |
| owncloud | owncloud | 8.0.4 | |
| owncloud | owncloud | 8.0.5 | |
| owncloud | owncloud | 8.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF3DCFD-3264-4315-947E-0D2725E3BFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C26782F8-FE62-4B2D-B0C9-81EFFE395D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E5945851-35B8-4509-92C7-CF706C794266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F58319-DE37-4307-9D60-BDFC27D6826B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD03A74-6F1D-43EC-BC93-F2AF2467F6D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C45645-3A99-4E08-952A-EEBFE35AC70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD0FA9-F12F-46A2-90F4-B48310A7ED0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C18316B-E0DF-4693-AD3A-8C923965931B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66A3C5DA-52BA-4B86-A7A1-BEAE730E80E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "453D8D0E-B385-4A8F-9D01-CDE38E6C1D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "644C5331-A967-497D-A7ED-919F5988C8E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php."
},
{
"lang": "es",
"value": "ownCloud Server en versiones anteriores a 7.0.8, 8.0.x en versiones anteriores a 8.0.6 y 8.1.x en versiones anteriores a 8.1.1 no verifica adecuadamente el propietario de los calendarios, lo que permite a usuarios remotos autenticados leer calendarios arbitrariamente a trav\u00e9s del par\u00e1metro calid en apps/calendar/export.php."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/639.html\"\u003eCWE-639: Authorization Bypass Through User-Controlled Key\u003c/a\u003e",
"id": "CVE-2015-6670",
"lastModified": "2024-11-21T02:35:24.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-26T14:59:09.577",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-015"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-24 16:31
Modified
2024-11-21 01:47
Severity ?
Summary
Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered by CVE-2013-7344.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 | |
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5861C327-743A-41DF-8326-1696620194D3",
"versionEndIncluding": "4.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered by CVE-2013-7344."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en core/ajax/translations.php en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.6 permite a usuarios remotos autenticados ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de vectores desconocidos. NOTA: esta entrada ha sido dividida (SPLIT) debido a diferentes versiones afectadas. El problema core/settings.php est\u00e1 cubierto por CVE-2013-7344."
}
],
"id": "CVE-2013-0303",
"lastModified": "2024-11-21T01:47:15.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-24T16:31:06.760",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-18 01:55
Modified
2024-11-21 01:44
Severity ?
Summary
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 3.0.0 | |
| owncloud | owncloud | 3.0.1 | |
| owncloud | owncloud | 3.0.2 | |
| owncloud | owncloud | 3.0.3 | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D91475-2CF5-4CA4-888E-44C1D4AC2701",
"versionEndIncluding": "4.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file."
},
{
"lang": "es",
"value": "Vulnerabilidad lista negra incompleta en lib/filesystem.php en ownCloud antes v4.5.2 permite a usuarios remotos autenticados ejecutar c\u00f3digo PHP arbitrario mediante la carga de un archivo mount.php en un fichero ZIP"
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html \u0027CWE-184: Incomplete Blacklist\u0027",
"id": "CVE-2012-5609",
"lastModified": "2024-11-21T01:44:57.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-18T01:55:07.460",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://owncloud.org/changelog/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-004/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51357"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/4619c66"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/e8a0cea"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/4619c66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/e8a0cea"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-24 16:35
Modified
2024-11-21 02:06
Severity ?
Summary
ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:a:*:*:*:*:*:*",
"matchCriteriaId": "CF8A525D-F052-449B-AFD8-DC6A956D30D9",
"versionEndIncluding": "5.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user\u0027s ownCloud via the mount configuration."
},
{
"lang": "es",
"value": "ownCloud anterior a 5.0.15 y 6.x anterior a 6.0.2, cuando la aplicaci\u00f3n file_external est\u00e1 habilitada, permite a usuarios remotos autenticados montar el sistema de archivos local en el ownCloud del usuario a trav\u00e9s de la configuraci\u00f3n mount."
}
],
"id": "CVE-2014-2585",
"lastModified": "2024-11-21T02:06:34.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-24T16:35:49.380",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-008/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-09 13:16
Modified
2024-11-21 01:50
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F56AF42-6C58-4DBB-BA69-06A8F2F81799",
"versionEndIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en ownCloud Server anterior a 5.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de (1) el par\u00e1metro new_name hacia apps/bookmarks/ajax/renameTag.php o (2) m\u00faltiples par\u00e1metros no especificados hacia archivos desconocidos en apps/contacts/ajax/."
}
],
"id": "CVE-2013-1890",
"lastModified": "2024-11-21T01:50:35.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-09T13:16:56.130",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-011"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58852"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83245"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-03 15:59
Modified
2024-11-21 03:28
Severity ?
Summary
The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/96426 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://owncloud.org/security/advisory/?id=oc-sa-2017-002 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96426 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisory/?id=oc-sa-2017-002 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 8.2.0 | |
| owncloud | owncloud | 8.2.1 | |
| owncloud | owncloud | 8.2.2 | |
| owncloud | owncloud | 8.2.3 | |
| owncloud | owncloud | 8.2.4 | |
| owncloud | owncloud | 8.2.5 | |
| owncloud | owncloud | 8.2.6 | |
| owncloud | owncloud | 8.2.7 | |
| owncloud | owncloud | 8.2.8 | |
| owncloud | owncloud | 9.0.0 | |
| owncloud | owncloud | 9.0.1 | |
| owncloud | owncloud | 9.0.2 | |
| owncloud | owncloud | 9.0.3 | |
| owncloud | owncloud | 9.0.4 | |
| owncloud | owncloud | 9.0.5 | |
| owncloud | owncloud | 9.0.6 | |
| owncloud | owncloud | 9.1.0 | |
| owncloud | owncloud | 9.1.1 | |
| owncloud | owncloud | 9.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2EB67F-2620-434E-9AB5-45293C019F3F",
"versionEndIncluding": "8.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49E9C5BC-A6BA-4919-9934-BFAA915CC042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34AF5397-3B98-431B-B235-424A3B6BEFAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C35E22D-36A5-495B-8611-7C8B70064A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBDBB20-B519-4683-BB16-63A25AE53D7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "67AD973F-F06D-46C9-85EB-3521899A257B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8098FF20-D5EA-4F72-A837-0CE7B9761974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0930807A-BA26-4AFF-9B52-EC2EAF5A456D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F81CD71B-7D08-485B-9042-D4CE523FEE80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC26723-FE1F-4C1A-AF9C-901A1A7A4DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25185B4F-623B-45F5-97C3-A520C96B6CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F31B84D-7A81-426C-8C91-BF86087ED657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8CF3111-74DA-4644-9318-4D5CC6FBD1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D52C26E1-C1A1-4834-84C5-C4403E1734D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "377EE3A2-8105-4448-AB9E-C703513CA6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF1A811-E3EF-4A4A-8F7A-C3E5DBC24159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEB63FC-724C-4FA5-A998-4549A2460A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E74BD31-5BD3-40FE-93BA-CAE23DA681B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32D138CF-6623-4E1E-97DC-6DD96FE62C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "578DA4AF-C61B-4796-B5BF-89701D3FB8CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors."
},
{
"lang": "es",
"value": "La caracter\u00edstica de autocompletar en el cuadro de di\u00e1logo del E-Mail en ownCloud Server en versiones anteriores a 8.1.11, 8.2.x en versiones anteriores a 8.2.9, 9.0.x en versiones anteriores a 9.0.7 y 9.1.x en versiones anteriores a 9.1.3 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2017-5866",
"lastModified": "2024-11-21T03:28:33.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-03T15:59:01.337",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96426"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-002"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| owncloud | owncloud | 6.0.2 | |
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.14 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA20301-F66D-40C3-8E61-D37867C54429",
"versionEndIncluding": "5.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*",
"matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors."
},
{
"lang": "es",
"value": "ownCloud Server anterior a 5.0.16 y 6.0.x anterior a 6.0.3 no comprueba permisos a la aplicaci\u00f3n files_external, lo que permite a usuarios remotos autenticados a\u00f1adir almacenaje externo a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3835",
"lastModified": "2024-11-21T02:08:57.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-04T14:55:04.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-012/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-012/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-21 18:59
Modified
2024-11-21 02:31
Severity ?
Summary
The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45DD7E31-9A49-4154-9C26-89A389581E05",
"versionEndIncluding": "6.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF3DCFD-3264-4315-947E-0D2725E3BFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C26782F8-FE62-4B2D-B0C9-81EFFE395D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E5945851-35B8-4509-92C7-CF706C794266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C45645-3A99-4E08-952A-EEBFE35AC70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD0FA9-F12F-46A2-90F4-B48310A7ED0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C18316B-E0DF-4693-AD3A-8C923965931B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names."
},
{
"lang": "es",
"value": "El componente de saneo de nombre de archivo en ownCloud Server en versiones anteriores a 6.0.8, 7.0.x en versiones anteriores a 7.0.6 y 8.0.x en versiones anteriores a 8.0.4 no maneja correctamente la proyecci\u00f3n de par\u00e1metros $_GET por PHP a un array, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito y consumo del archivo log) a trav\u00e9s de nombres de archivo de terminal manipulados."
}
],
"id": "CVE-2015-4717",
"lastModified": "2024-11-21T02:31:36.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-21T18:59:01.517",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/76161"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-007"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-18 01:55
Modified
2024-11-21 01:44
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 3.0.0 | |
| owncloud | owncloud | 3.0.1 | |
| owncloud | owncloud | 3.0.2 | |
| owncloud | owncloud | 3.0.3 | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB005B3-22C4-4365-B287-FBF77657DE66",
"versionEndIncluding": "4.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en ownCloud anterior a v4.0.9 y v4.5.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) nombre de archivo a apps/files_versions/js/versions.js (2) apps/files/js/filelist.js o (3) titulo del evento a 3rdparty/fullcalendar/js/fullcalendar.js."
}
],
"id": "CVE-2012-5606",
"lastModified": "2024-11-21T01:44:57.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-12-18T01:55:07.227",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://owncloud.org/changelog/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-001/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51357"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/owncloud/core/commit/ce66759"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/owncloud/core/commit/e45f36c"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/owncloud/core/commit/e5f2d46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/owncloud/core/commit/ce66759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/owncloud/core/commit/e45f36c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/owncloud/core/commit/e5f2d46"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-20 14:55
Modified
2024-11-21 02:11
Severity ?
Summary
Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| owncloud | owncloud | 6.0.2 | |
| owncloud | owncloud | 6.0.3 | |
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96C89F7E-F835-4DA3-9506-70545DD95834",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E312736-9A36-45BA-AB87-16E176845056",
"versionEndIncluding": "5.0.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*",
"matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "35B4DF76-DD0D-4635-B26E-033542F26684",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el componente de enrutamiento en ownCloud Server anterior a 5.0.17 y 6.0.x anterior a 6.0.4 permite a atacantes remotos incluir y ejecutar ficheros locales arbitrarios a trav\u00e9s de un .. (punto punto) en un nombre de fichero, relacionado con index.php."
}
],
"id": "CVE-2014-4929",
"lastModified": "2024-11-21T02:11:07.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-20T14:55:06.173",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2014-0301.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/security/advisory/?id=oc-sa-2014-018"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:140"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/68975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2014-0301.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/security/advisory/?id=oc-sa-2014-018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68975"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-05 15:10
Modified
2024-11-21 01:50
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA26473-CFC6-47C4-AFE2-3054009C72B1",
"versionEndIncluding": "2.11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "240CE762-4A1C-4DA2-B3B2-CA62EE52D0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07E7E16E-4CEE-4A52-BBFB-A6B91F554F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3BBB9D-E51F-45CE-80A2-8C941C61D226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1DE56777-4889-4EA5-ACCE-30E9BD4160BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F2661722-5819-4A10-8E20-F55742FC4142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0D578448-06BC-4357-9869-F6A82ADF8454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "61F877B3-EB9D-4EC1-8C41-47AC43D2B4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1917822-5F80-4D6B-B0EC-FBD19D6838B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66323183-39E6-4B61-8D02-31BABE830742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A1A46F6-4BD6-4C4D-BB80-C6F0248EBA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1FD461-CBFA-47B5-AFA9-F53493564CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63CA46F2-D56C-4623-873F-03F76AE0967A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D48EC6C3-FA37-4EBF-8E5E-3A2642078CE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C4067F47-07AE-49FD-ABF4-33639E1F82E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F6982962-AF0F-4FBD-BEFE-684D82155DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AB916FFE-72D0-4952-A253-6AE469A390F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "688FC4B8-B09F-4F7D-98A5-B58127112588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F6A45E1-EC36-4E80-8893-8BE16E8FBBD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3BB08E-6D8E-4E38-8899-B464D49FCC6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FEE2BB-48F2-41D5-BB15-C8A999406416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6A486DBC-85B8-4FEA-A353-EB31BEE48FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E521-43E8-4264-8871-59DA99ECF989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBAA10E4-CDBA-4FD5-8651-F7598FA77129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "33CBE52A-ACEA-4111-B3E6-AB1336F171B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AF7654-E0E0-48EC-91BA-806F79391472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "760B1D50-D216-4931-ACE0-1A1F4C317988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE0548B-A35B-431E-B42B-84CAB8E4EC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB61B69A-66B9-4C5C-A16B-1C3F9EEB15DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A65BF1E-61C7-4600-A1D0-D41D16A136A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673260C-72A4-4E1F-8762-94A511828701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF5E7B9-08F9-40C4-BD4C-F540777BADCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "64830A8B-3066-4128-B66B-72EE83B3AEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E92C560A-8541-4E13-8605-D9821E2F2BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "922C630F-B3AE-4FB6-BE62-02D86E71ADF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D07ED7E1-44B4-48A1-82B2-8E293E0AB65F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35E695A-D051-49C0-8CED-1BF8BBE1DA81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6BDED28-1792-4B00-816A-F25AA3B63C3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF363EE-4C2C-46C5-91A0-41BEC3C35B5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF4CF6E-0DAC-4F8F-8C26-00261B2A5A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "81E2112D-E069-43DF-AC97-413833190790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18B789B0-EA7B-4374-BC57-6889B6734715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFCB4FBC-DE26-4DFE-BC54-D4D9FBD4A968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "469C4EF8-269F-4720-A795-EFBD4E416E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F5D42F6-7503-4CDE-88D0-CD864B4DDBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAFAE329-FED7-4605-9412-0EC179052DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F299E7B-91F8-43DA-816A-B57D39578A9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "72D1457F-B1BD-4F6C-AA9E-25E2C5A6CA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C83BD72-FF91-459C-AB43-535ECF32F356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4BC3D75-F2D8-4F07-994D-68F6D1BCFA1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C91E7FF3-72B0-4259-8251-57E4C8EDA96E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B8CB5D-0C8C-48C2-AC35-8892345FC15D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "53EE9E64-AD8E-4977-A4A5-4844F1754A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E20C7FBF-A9D5-42B0-A158-A96350F04DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E011E781-BC0D-4F82-990B-D6C3D9399D38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87334357-BC8E-4D84-80EC-DC4F5875BB76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44BC2156-5E22-4E91-ACFE-5FED3E243202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A207B2-EF39-4B7D-A5CA-7888104A048C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BFDA2F2-1C4A-4F88-9064-C1B2BED96A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6359E2E1-D5E3-447D-AED4-8ECACF519744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A36FA3C-15AE-451E-8501-EC16BC724B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFE7414-9B96-4F1D-91C5-CC696EAB9453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF94D01-0957-4813-B7AE-83203C641375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF0A4102-E5EB-4506-8885-1ED8E4E40D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5C825F-7EEF-41B7-96BF-0422F8362321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "03DBF23C-CFDC-4B45-85A6-308FC2B3B6D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8D9B75-C502-41DF-9BF4-443431B1EC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0A0BE7-DC7B-4F26-8E76-C91D32B16A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43977908-CF0D-4506-B79D-CB6BBB103202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B10A7BBC-ACEF-4688-BC82-8A2A3DA2495C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:2.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6CC7114-7EAF-4328-8026-11A7C988E379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E1583C4C-6501-48ED-BF31-AFCF38C5D59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en flashmediaelement.swf en MediaElement.js anterior a 2.11.2, utilizado en OwnCloud Server 5.0.x anterior a 5.0.5 y 4.5.x anterior a 4.5.10, permite a atacantes remotos inyectar script Web o HTML arbitrario a trav\u00e9s del par\u00e1metro file."
}
],
"id": "CVE-2013-1967",
"lastModified": "2024-11-21T01:50:45.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-02-05T15:10:05.017",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-017"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2013/q2/111"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://seclists.org/oss-sec/2013/q2/133"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53079"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=955307"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83647"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/johndyer/mediaelement/tree/2.11.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q2/111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/oss-sec/2013/q2/133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=955307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/johndyer/mediaelement/tree/2.11.1"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-03 01:55
Modified
2024-11-21 01:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en bookmarks/js/bookmarks.js en ownCloud v4.0.x antes de v4.0.10 y v4.5.x antes de v4.5.5 permite a atacantse remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de PATH_INFO a apps/bookmark/index.php."
}
],
"id": "CVE-2012-5666",
"lastModified": "2024-11-21T01:45:04.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-01-03T01:55:03.937",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://owncloud.org/changelog/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51614"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/57030"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/owncloud/apps/commit/eafa9b2"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/owncloud/core/commit/b24c929cc0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/owncloud/apps/commit/eafa9b2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/owncloud/core/commit/b24c929cc0"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8288B81D-CA35-46EB-A7E7-B60B193E3F81",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8CCC5C-D019-4A80-BD8D-3914BFFC60C0",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E9501A9-E507-4A81-954B-D6D3223EE2F8",
"versionEndExcluding": "9.1.2",
"versionStartIncluding": "9.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability."
},
{
"lang": "es",
"value": "Nextcloud Server en versiones anteriores a 10.0.1 y ownCloud Server en versiones anteriores a 9.0.6 y 9.1.2 sufren de Reflexed XSS en la aplicaci\u00f3n Galer\u00eda. La aplicaci\u00f3n de la galer\u00eda no estaba correctamente desinfectando los mensajes de excepci\u00f3n del servidor Nextcloud/ownCloud. Debido a un punto final en el que un atacante podr\u00eda influir en el mensaje de error, esto llev\u00f3 a una vulnerabilidad de secuencias de comandos en sitios cruzados reflejada."
}
],
"id": "CVE-2016-9466",
"lastModified": "2024-11-21T03:01:16.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:01.107",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/gallery/commit/f9ef505c1d60c9041e251682e0f6b3daad952d58"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/gallery/commit/b3b3772fb9bec61ba10d357bef42b676fa474eee"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/gallery/commit/dc4887f1afcc0cf304f4a0694075c9364298ad8a"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/165686"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-009"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextcloud/gallery/commit/f9ef505c1d60c9041e251682e0f6b3daad952d58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/gallery/commit/b3b3772fb9bec61ba10d357bef42b676fa474eee"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/owncloud/gallery/commit/dc4887f1afcc0cf304f4a0694075c9364298ad8a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/165686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-019"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:42
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3FA1AD-BCD5-4DA7-BB06-24E6023EC33A",
"versionEndIncluding": "4.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en ownCloud anterior a v4.0.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) nombre de ficheros para apps/user_ldap/settings.php; (2) url o (3) par\u00e1metro t\u00edtulo para apps/bookmarks/ajax/editBookmark.php; (4) etiqueta o (5) par\u00e1metro page para apps/bookmarks/ajax/updateList.php; (6) identity para apps/user_openid/settings.php; (7) nombre stack en apps/gallery/lib/tiles.php; (8) par\u00e1metro root para apps/gallery/templates/index.php; (9) calendar displayname en apps/calendar/templates/part.import.php; (10) calendar uri en apps/calendar/templates/part.choosecalendar.rowfields.php; (11) t\u00edtulo, (12) localizaci\u00f3n, o (13) par\u00e1metro descripci\u00f3n en apps/calendar/lib/object.php; (14) ciertos vectores en core/js/multiselect.js; o (15) artist, (16) album, o (17) title comments par\u00e1metros en apps/media/lib_scanner.php."
}
],
"id": "CVE-2012-4396",
"lastModified": "2024-11-21T01:42:47.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-05T23:55:03.053",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-04 18:59
Modified
2024-11-21 02:20
Severity ?
Summary
The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.15 | |
| owncloud | owncloud | 5.0.16 | |
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| owncloud | owncloud | 6.0.2 | |
| owncloud | owncloud | 6.0.3 | |
| owncloud | owncloud | 6.0.4 | |
| owncloud | owncloud | 6.0.5 | |
| owncloud | owncloud | 7.0.0 | |
| owncloud | owncloud | 7.0.1 | |
| owncloud | owncloud | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1258D6F1-DB48-4C47-AE81-F3E4FC79F6C4",
"versionEndIncluding": "5.0.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*",
"matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "35B4DF76-DD0D-4635-B26E-033542F26684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A92D0B1D-1AEE-4098-AD25-42D3FD839F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96C89F7E-F835-4DA3-9506-70545DD95834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE53A52-6BEB-47E8-A1BE-A094B4B066DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CD65CEF7-238A-4F0E-9203-3C9EB0DECF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks."
},
{
"lang": "es",
"value": "La funcionalidad de importaci\u00f3n en la aplicaci\u00f3n bookmarks application en el servidor ownCloud anterior a 5.0.18, 6.x anterior a 6.0.6, y 7.x anterior a 7.0.3 no valida los tokens CSRF, lo que permiten a atacantes remotos realizar ataques de CSRF."
}
],
"id": "CVE-2014-9041",
"lastModified": "2024-11-21T02:20:09.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-02-04T18:59:01.527",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-027"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://owncloud.org/about/security/advisories/oC-SA-2013-021/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2013-021/ | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en ownCloud 5.0.x anterior a 5.0.6 permiten a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a trav\u00e9s de (1) el par\u00e1metro tag hacia apps/bookmarks/ajax/addBookmark.php o (2) el par\u00e1metro dir hacia apps/files/ajax/newfile.php, lo que es pasado a apps/files/js/files.js."
}
],
"id": "CVE-2013-2041",
"lastModified": "2024-11-21T01:50:55.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T16:55:05.350",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-21 15:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B113E4-7A02-405F-80BA-2C801D45294C",
"versionEndIncluding": "7.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C45645-3A99-4E08-952A-EEBFE35AC70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD0FA9-F12F-46A2-90F4-B48310A7ED0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C18316B-E0DF-4693-AD3A-8C923965931B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a \" (double quote) character in a filename in a shared folder."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la aplicaci\u00f3n activity en ownCloud Server en versiones anteriores a 7.0.5 y 8.0.x en versiones anteriores a 8.0.4 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un caracter \u0027 (comillas) en un nombre de archivo en una carpeta compartida."
}
],
"id": "CVE-2015-5953",
"lastModified": "2024-11-21T02:34:12.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-21T15:59:00.130",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-010"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:51
Severity ?
Summary
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://owncloud.org/about/security/advisories/oC-SA-2013-027/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2013-027/ | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file."
},
{
"lang": "es",
"value": "El cargador de configuraci\u00f3n en ownCloud 5.0.x anterior a 5.0.6 permite a atacantes remotos obtener tokens CSRF y otra informaci\u00f3n sensible mediante la lectura de un archivo JavaScript no especificado."
}
],
"id": "CVE-2013-2086",
"lastModified": "2024-11-21T01:51:00.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:05.507",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-027/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-027/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://owncloud.org/about/security/advisories/oC-SA-2013-028/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://owncloud.org/about/security/advisories/oC-SA-2013-028/ | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "022275A7-C99A-460D-891B-465783AC54BD",
"versionEndExcluding": "4.0.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79BACD75-62DE-4EEA-B89A-B705BD2E3382",
"versionEndExcluding": "5.0.7",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en ownCloud anterior a 4.0.16 y 5.x anterior a 5.0.7 permiten a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores relacionados con archivos compartidos."
}
],
"id": "CVE-2013-2149",
"lastModified": "2024-11-21T01:51:08.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T16:55:05.553",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-028/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-028/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-08 21:59
Modified
2024-11-21 02:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 8.0.0 | |
| owncloud | owncloud | 8.0.2 | |
| owncloud | owncloud | 8.0.3 | |
| owncloud | owncloud | 8.0.4 | |
| owncloud | owncloud | 8.0.5 | |
| owncloud | owncloud | 8.0.6 | |
| owncloud | owncloud | 8.0.8 | |
| owncloud | owncloud | 8.0.9 | |
| owncloud | owncloud | 8.1.0 | |
| owncloud | owncloud | 8.1.1 | |
| owncloud | owncloud | 8.1.3 | |
| owncloud | owncloud | 8.1.4 | |
| owncloud | owncloud | 8.2.0 | |
| owncloud | owncloud | 8.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED68463-3D2F-4227-8202-BE10AE025374",
"versionEndIncluding": "7.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C45645-3A99-4E08-952A-EEBFE35AC70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD0FA9-F12F-46A2-90F4-B48310A7ED0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C18316B-E0DF-4693-AD3A-8C923965931B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66A3C5DA-52BA-4B86-A7A1-BEAE730E80E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "453D8D0E-B385-4A8F-9D01-CDE38E6C1D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE3AB7D-04F1-4F0B-BFFE-4260C8E13A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "259D042F-CB8A-434C-9923-E50E92F3129F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D2784965-324F-4455-97DC-7183DE7A4293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "644C5331-A967-497D-A7ED-919F5988C8E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB456E3-CFF6-4378-9341-74B244DD042E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C2439520-80AD-45E9-8551-2C0C7A2C6F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC29D1D1-03EC-48B0-B917-F4E2C6FD3906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49E9C5BC-A6BA-4919-9934-BFAA915CC042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34AF5397-3B98-431B-B235-424A3B6BEFAC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en el componente OCS discovery provider en ownCloud Server en versiones anteriores a 7.0.12, 8.0.x en versiones anteriores 8.0.10, 8.1.x en versiones anteriores a 8.1.5 y 8.2.x en versiones anteriores a 8.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados involucrando una URL."
}
],
"id": "CVE-2016-1498",
"lastModified": "2024-11-21T02:46:33.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-08T21:59:06.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-001"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:05
Severity ?
Summary
SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fruux:sabredav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5CDBFF-98CD-4D83-86DE-6D9DCBDEE447",
"versionEndIncluding": "1.7.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66015009-B675-48D1-832E-83DA572CE3D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6F6A89-0929-436C-AA9D-5C9785614A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "718E00BD-5DE6-4C26-AD7B-EBEC1F4E487A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7267D5CC-D22D-42C4-A6B8-5F7BCFCD5E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "797523D4-B8D0-4245-9965-A968D8026304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "550C2E4E-5D50-4A92-9C3D-E6FF68873876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4537A464-215B-4022-941A-04431C8BDA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF82071-7199-4A62-B0D5-999D3490B3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB550531-7444-4692-B48A-36A04DFEF163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "57434880-DCFF-404A-A2C8-B10AA129D0F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5E4CC09F-E145-4390-9E03-CF14ACBDA0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36AFB445-B140-4103-8382-56D34C646E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64543375-1EC5-432F-97B0-D09ADE2DB7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "71D19C4C-3A3A-4A1B-8FA1-8A522049CDFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CD9C93-83D6-433E-AE93-145063EC53DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2493DC42-655D-4B76-B30C-F1D19AA73645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE58412-FCDB-4997-B5AC-9085E8222B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "731DDDED-8D86-4EBF-889A-F26F40C4E95C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "67F9D01B-E039-4209-936A-738345F7AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E2E1FE-9449-464D-A6A4-ECF0775629DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A5745B-925B-48F5-B2BC-EFB46162505C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDA277B-087D-45F3-A380-15F648B1EAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69FAA313-7A78-456A-BC34-BA49E391EC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24F90183-E9FC-42C9-BE08-4A1683383736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45BBAF94-5DC7-40B0-A1DA-858D9B30FBBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C704ED-C955-4C4E-9A19-097A15DD1F76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "68A00A4D-75BD-46E5-BA5C-EEFCA18EA61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "53F3EF8F-6475-4B8E-929C-5B6C2689AA29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E5AA385C-6F5A-4E7F-B194-432FA1D7C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB211D7-8482-44C6-BF25-06D08F651E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fruux:sabredav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5CDBFF-98CD-4D83-86DE-6D9DCBDEE447",
"versionEndIncluding": "1.7.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66015009-B675-48D1-832E-83DA572CE3D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6F6A89-0929-436C-AA9D-5C9785614A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "718E00BD-5DE6-4C26-AD7B-EBEC1F4E487A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7267D5CC-D22D-42C4-A6B8-5F7BCFCD5E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "797523D4-B8D0-4245-9965-A968D8026304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "550C2E4E-5D50-4A92-9C3D-E6FF68873876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4537A464-215B-4022-941A-04431C8BDA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF82071-7199-4A62-B0D5-999D3490B3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB550531-7444-4692-B48A-36A04DFEF163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "57434880-DCFF-404A-A2C8-B10AA129D0F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5E4CC09F-E145-4390-9E03-CF14ACBDA0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36AFB445-B140-4103-8382-56D34C646E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64543375-1EC5-432F-97B0-D09ADE2DB7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "71D19C4C-3A3A-4A1B-8FA1-8A522049CDFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CD9C93-83D6-433E-AE93-145063EC53DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2493DC42-655D-4B76-B30C-F1D19AA73645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE58412-FCDB-4997-B5AC-9085E8222B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "731DDDED-8D86-4EBF-889A-F26F40C4E95C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "67F9D01B-E039-4209-936A-738345F7AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E2E1FE-9449-464D-A6A4-ECF0775629DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A5745B-925B-48F5-B2BC-EFB46162505C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDA277B-087D-45F3-A380-15F648B1EAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69FAA313-7A78-456A-BC34-BA49E391EC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24F90183-E9FC-42C9-BE08-4A1683383736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45BBAF94-5DC7-40B0-A1DA-858D9B30FBBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C704ED-C955-4C4E-9A19-097A15DD1F76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "68A00A4D-75BD-46E5-BA5C-EEFCA18EA61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "53F3EF8F-6475-4B8E-929C-5B6C2689AA29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E5AA385C-6F5A-4E7F-B194-432FA1D7C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fruux:sabredav:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB211D7-8482-44C6-BF25-06D08F651E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:a:*:*:*:*:*:*",
"matchCriteriaId": "CF8A525D-F052-449B-AFD8-DC6A956D30D9",
"versionEndIncluding": "5.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
},
{
"lang": "es",
"value": "SabreDAV anterior a 1.7.11, utilizado en ownCloud Server anterior a 5.0.15 y 6.0.x anterior a 6.0.2, permite a atacantes remotos leer archivos arbitrarios, causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto a trav\u00e9s de un ataque de entidad externa XML (XXE)."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/611.html\n\n\"CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\"",
"id": "CVE-2014-2055",
"lastModified": "2024-11-21T02:05:33.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-04T14:55:04.047",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/fruux/sabre-dav/releases/tag/1.7.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/fruux/sabre-dav/releases/tag/1.7.11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-04-20 10:55
Modified
2024-11-21 01:39
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9816A6-A172-424C-9870-9F373746C625",
"versionEndIncluding": "3.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts."
},
{
"lang": "es",
"value": "Una vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en ownCloud v3.0.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios de su elecci\u00f3n para las solicitudes que insertan secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s de vectores relacionados con los contactos. NOTA: la procedencia de esta informaci\u00f3n es desconocida, los detalles se han obtenido \u00fanicamente de informaci\u00f3n de terceros."
}
],
"id": "CVE-2012-2397",
"lastModified": "2024-11-21T01:39:01.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-04-20T10:55:01.433",
"references": [
{
"source": "cve@mitre.org",
"url": "http://owncloud.org/security/advisories/CVE-2012-2397/"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48850"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/security/advisories/CVE-2012-2397/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75030"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 15:55
Modified
2024-11-21 01:47
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en ownCloud 4.5.x anterior a 4.5.7 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de (1) un archivo iCalendar manipulado hacia la aplicaci\u00f3n calendar, el par\u00e1metro (2) dir o (3) file hacia apps/files_pdfviewer/viewer.php o el (4) par\u00e1metro mountpoint hacia /apps/files_external/addMountPoint.php."
}
],
"id": "CVE-2013-0298",
"lastModified": "2024-11-21T01:47:15.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T15:55:05.417",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-04 18:59
Modified
2024-11-21 02:20
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.15 | |
| owncloud | owncloud | 5.0.16 | |
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| owncloud | owncloud | 6.0.2 | |
| owncloud | owncloud | 6.0.3 | |
| owncloud | owncloud | 6.0.4 | |
| owncloud | owncloud | 6.0.5 | |
| owncloud | owncloud | 7.0.0 | |
| owncloud | owncloud | 7.0.1 | |
| owncloud | owncloud | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1258D6F1-DB48-4C47-AE81-F3E4FC79F6C4",
"versionEndIncluding": "5.0.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*",
"matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "35B4DF76-DD0D-4635-B26E-033542F26684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A92D0B1D-1AEE-4098-AD25-42D3FD839F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96C89F7E-F835-4DA3-9506-70545DD95834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE53A52-6BEB-47E8-A1BE-A094B4B066DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CD65CEF7-238A-4F0E-9203-3C9EB0DECF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la funcionalidad de importaci\u00f3n en la aplicaci\u00f3n bookmarks en ownCloud anterior a 5.0.18, 6.x anterior a 6.0.6, y 7.x anterior a 7.0.3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios mediante la importaci\u00f3n un enlac\u00e9 con un protocolo no especificado. NOTA: esto puede ser aprovechado por atacantes remotos que utilizan CVE-2014-9041."
}
],
"id": "CVE-2014-9042",
"lastModified": "2024-11-21T02:20:09.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-02-04T18:59:02.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-028"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:42
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FA4A92-1FE7-4E83-B951-F33B0569835B",
"versionEndIncluding": "4.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en ownCloud anterior a v4.0.6 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para las solicitudes que utilizan (1) addBookmark.php, (2) delBookmark.php, o (3) editBookmark.php en bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) o share/unshare.php en calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/a! jax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, o (37) tasks/ajax/edittask.php en apps/; o administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, o (49) togglegroups.php en settings/ajax/."
}
],
"id": "CVE-2012-4393",
"lastModified": "2024-11-21T01:42:47.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-05T23:55:02.913",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://owncloud.org/changelog/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-18 01:55
Modified
2024-11-21 01:44
Severity ?
Summary
The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 3.0.0 | |
| owncloud | owncloud | 3.0.1 | |
| owncloud | owncloud | 3.0.2 | |
| owncloud | owncloud | 3.0.3 | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB005B3-22C4-4365-B287-FBF77657DE66",
"versionEndIncluding": "4.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"Lost Password\" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a \"Remote Timing Attack.\""
},
{
"lang": "es",
"value": "La funcionalidad de reinicio \"Contrase\u00f1a olvidada\" en ownCloud v4.0.9 y antes de v4.5.0 no comprueba correctamente el token de seguridad, lo que permite a atacantes remotos para cambiar la contrase\u00f1a de las cuentas a trav\u00e9s de vectores no especificados relacionados con un \"Remote Timing Attack\"."
}
],
"id": "CVE-2012-5607",
"lastModified": "2024-11-21T01:44:57.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-18T01:55:07.287",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://owncloud.org/changelog/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/99cd922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/owncloud/core/commit/99cd922"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el componente Documents en ownCloud Server 6.0.x anterior a 6.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, posiblemente relacionado con la funci\u00f3n print_unescaped."
}
],
"id": "CVE-2014-3832",
"lastModified": "2024-11-21T02:08:56.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-04T14:55:04.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-010"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-19 07:15
Modified
2024-11-21 05:29
Severity ?
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE3F246-E491-4756-A2A4-4344A463A0A8",
"versionEndExcluding": "10.3.1",
"versionStartIncluding": "10.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number."
},
{
"lang": "es",
"value": "ownCloud Server versiones 10.x anteriores a10.3.1, permite a un atacante, que posee un recurso compartido saliente de una v\u00edctima, acceder a cualquier versi\u00f3n de cualquier archivo mediante el env\u00edo de una petici\u00f3n de un n\u00famero de ID predecible"
}
],
"id": "CVE-2020-36252",
"lastModified": "2024-11-21T05:29:10.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-19T07:15:13.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/access-to-all-file-versions/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/access-to-all-file-versions/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 3.0.0 | |
| owncloud | owncloud | 3.0.1 | |
| owncloud | owncloud | 3.0.2 | |
| owncloud | owncloud | 3.0.3 | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 | |
| owncloud | owncloud | 4.0.11 | |
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 | |
| owncloud | owncloud | 4.5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6C693FA-5ED0-4C73-9DF3-274D8445AC87",
"versionEndIncluding": "4.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D4011972-8C9A-47DA-B7E1-BC1951AEC51A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user\u0027s account via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en lib/migrate.php en ownCloud anterior a 4.0.13 y 4.5.x anterior a 4.5.8, cuando la aplicaci\u00f3n user-migrate est\u00e1 habilitada, permite a usuarios remotos autenticados importar archivos arbitrarios a la cuenta del usuario a trav\u00e9s de vectores no especificadas."
}
],
"evaluatorComment": "Per: https://cwe.mitre.org/data/definitions/184.html\n\n\"CWE-184: Incomplete Blacklist\"",
"id": "CVE-2013-1851",
"lastModified": "2024-11-21T01:50:31.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:04.943",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-010/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-21 18:59
Modified
2024-11-21 02:31
Severity ?
Summary
The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45DD7E31-9A49-4154-9C26-89A389581E05",
"versionEndIncluding": "6.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF3DCFD-3264-4315-947E-0D2725E3BFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C26782F8-FE62-4B2D-B0C9-81EFFE395D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E5945851-35B8-4509-92C7-CF706C794266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C45645-3A99-4E08-952A-EEBFE35AC70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD0FA9-F12F-46A2-90F4-B48310A7ED0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C18316B-E0DF-4693-AD3A-8C923965931B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file."
},
{
"lang": "es",
"value": "El controlador de almacenamiento SMB externo en ownCloud Server en versiones anteriores a 6.0.8, 7.0.x en versiones anteriores a 7.0.6 y 8.0.x en versiones anteriores a 8.0.4 permite a usuarios remotos autenticados ejecutar comandos SMB arbitrarios a trav\u00e9s de un car\u00e1cter ; (punto y coma) en un archivo."
}
],
"id": "CVE-2015-4718",
"lastModified": "2024-11-21T02:31:36.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-21T18:59:02.673",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/76162"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-008"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-21 18:59
Modified
2024-11-21 02:34
Severity ?
Summary
The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 7.0.0 | |
| owncloud | owncloud | 7.0.1 | |
| owncloud | owncloud | 7.0.2 | |
| owncloud | owncloud | 7.0.3 | |
| owncloud | owncloud | 7.0.4 | |
| owncloud | owncloud | 7.0.5 | |
| owncloud | owncloud | 7.0.6 | |
| owncloud | owncloud | 8.0.0 | |
| owncloud | owncloud | 8.0.2 | |
| owncloud | owncloud | 8.0.3 | |
| owncloud | owncloud | 8.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A85161B-50EB-4819-927A-310C97AC441C",
"versionEndIncluding": "6.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF3DCFD-3264-4315-947E-0D2725E3BFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C26782F8-FE62-4B2D-B0C9-81EFFE395D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E5945851-35B8-4509-92C7-CF706C794266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F58319-DE37-4307-9D60-BDFC27D6826B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C45645-3A99-4E08-952A-EEBFE35AC70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFD0FA9-F12F-46A2-90F4-B48310A7ED0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C18316B-E0DF-4693-AD3A-8C923965931B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "66A3C5DA-52BA-4B86-A7A1-BEAE730E80E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder."
},
{
"lang": "es",
"value": "El sistema de archivos en ownCloud Server en versiones anteriores a 6.0.9, 7.0.x en versiones anteriores a 7.0.7 y 8.0.x en versiones anteriores a 8.0.5 no considera que NULL es un valor de retorno getPath v\u00e1lido, lo que permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y ganar acceso a los archivos de usuarios a trav\u00e9s de un enlace compartido a un archivo con una carpeta principal eliminada."
}
],
"evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/252.html\"\u003eCWE-252: Unchecked Return Value\u003c/a\u003e",
"id": "CVE-2015-5954",
"lastModified": "2024-11-21T02:34:12.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-21T18:59:03.957",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-011"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 | |
| owncloud | owncloud | 4.5.7 | |
| owncloud | owncloud | 4.5.8 | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C844D624-9B76-43B8-BD1A-A2743F1CF42C",
"versionEndIncluding": "4.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n de contactos en ownCloud anterior a 4.5.10 y 5.x anterior a 5.0.5 no comprueba debidamente la propiedad de contactos, lo que permite a usuarios remotos autenticados descargar contactos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-1963",
"lastModified": "2024-11-21T01:50:45.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T16:55:04.990",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-018/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-018/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-24 16:31
Modified
2024-11-21 02:00
Severity ?
Summary
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 3.0.0 | |
| owncloud | owncloud | 3.0.1 | |
| owncloud | owncloud | 3.0.2 | |
| owncloud | owncloud | 3.0.3 | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 | |
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5861C327-743A-41DF-8326-1696620194D3",
"versionEndIncluding": "4.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en core/settings.php en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.6 permite a usuarios remotos autenticados ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de vectores desconocidos. NOTA: este problema fue separado de CVE-2013-0303 debido a diferentes versiones afectadas."
}
],
"id": "CVE-2013-7344",
"lastModified": "2024-11-21T02:00:47.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-24T16:31:06.790",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:42
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6414E8A4-F82F-44DF-A51A-B1482AE4BFB6",
"versionEndIncluding": "4.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en ownCloud anterior a v4.0.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro redirect_url"
}
],
"id": "CVE-2012-4395",
"lastModified": "2024-11-21T01:42:47.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-05T23:55:03.007",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-04 18:59
Modified
2024-11-21 02:20
Severity ?
Summary
The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.15 | |
| owncloud | owncloud | 5.0.16 | |
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| owncloud | owncloud | 6.0.2 | |
| owncloud | owncloud | 6.0.3 | |
| owncloud | owncloud | 6.0.4 | |
| owncloud | owncloud | 6.0.5 | |
| owncloud | owncloud | 7.0.0 | |
| owncloud | owncloud | 7.0.1 | |
| owncloud | owncloud | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1258D6F1-DB48-4C47-AE81-F3E4FC79F6C4",
"versionEndIncluding": "5.0.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*",
"matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "35B4DF76-DD0D-4635-B26E-033542F26684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A92D0B1D-1AEE-4098-AD25-42D3FD839F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96C89F7E-F835-4DA3-9506-70545DD95834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE53A52-6BEB-47E8-A1BE-A094B4B066DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CD65CEF7-238A-4F0E-9203-3C9EB0DECF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n documents en ownCloud Server 6.x anterior a 6.0.6 y 7.x anterior a 7.0.3 permite a atacantes remotos evadir la protecci\u00f3n de contrase\u00f1as para ficheros compartidos a trav\u00e9s de la API."
}
],
"id": "CVE-2014-9048",
"lastModified": "2024-11-21T02:20:10.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-04T18:59:07.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-024"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 17:55
Modified
2024-11-21 01:47
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webdavauth/settings.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webdavauth/settings.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en ownCloud 4.5.x anterior a 4.5.7 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios para solicitudes que (1) cambian la vista por defecto a trav\u00e9s del par\u00e1metro v hacia apps/calendar/ajax/changeview.php, montar carpetas arbitrarias de (2) Google Drive o (3) Dropbox a trav\u00e9s de vectores relacionados con addRootCertificate.php, dropbox.php y google.php en apps/files_external/ajax/ o (4) cambian la URL del servidor de autenticaci\u00f3n a trav\u00e9s de vectores no especificados hacia apps/user_webdavauth/settings.php."
}
],
"id": "CVE-2013-0300",
"lastModified": "2024-11-21T01:47:15.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T17:55:06.953",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-08 14:59
Modified
2024-11-21 02:28
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kogmbh:webodf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30280597-4236-44D4-8096-4D91B8057AC7",
"versionEndIncluding": "0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17061AF2-A58E-4513-ACB5-EBB105E3F2FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en WebODF anterior a 0.5.5, utilizado en ownCloud, permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de una URI (1) de estilos o (2) de nombres de fuentes o (3) de javascript o (4) de datos."
}
],
"id": "CVE-2015-3012",
"lastModified": "2024-11-21T02:28:30.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-08T14:59:03.540",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3244"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74445"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/kogmbh/WebODF/pull/849"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/kogmbh/WebODF/pull/850/files"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kogmbh/WebODF/pull/849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kogmbh/WebODF/pull/850/files"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-002"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-26 18:29
Modified
2024-11-21 02:05
Severity ?
Summary
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/91973 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://owncloud.org/security/advisories/insecure-openid-implementation/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/91973 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisories/insecure-openid-implementation/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "266B14BE-B8FA-4C64-8603-A733EA0E58B1",
"versionEndExcluding": "5.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n user_openid en ownCloud Server en versiones anteriores a la 5.0.15 permite a los atacantes remotos obtener acceso mediante el aprovechamiento de una implementaci\u00f3n de OpenID insegura."
}
],
"id": "CVE-2014-2048",
"lastModified": "2024-11-21T02:05:32.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-26T18:29:00.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91973"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisories/insecure-openid-implementation/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisories/insecure-openid-implementation/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-04 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A84375DC-237B-4100-99EB-1EA524B6D08E",
"versionEndIncluding": "6.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Document en ownCloud Server anterior a 6.0.3 utiliza valores secuenciales para file_id, lo que permite a usuarios remotos autenticados enumerar archivos compartidos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3837",
"lastModified": "2024-11-21T02:08:57.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-04T14:55:04.840",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-015/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-04-20 10:55
Modified
2024-11-21 01:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9816A6-A172-424C-9870-9F373746C625",
"versionEndIncluding": "3.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en los fiels/ajax/download.php en ownCloud v3.0.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro \u0027files\u0027, una vulnerabilidad diferente a la CVE-2012-2269.4. NOTA: la procedencia de esta informaci\u00f3n es desconocida, los detalles se han obtenido \u00fanicamente de informaci\u00f3n de terceros."
}
],
"id": "CVE-2012-2398",
"lastModified": "2024-11-21T01:39:01.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-04-20T10:55:01.480",
"references": [
{
"source": "cve@mitre.org",
"url": "http://owncloud.org/security/advisories/cve-2012-2398/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48850"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/security/advisories/cve-2012-2398/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-13 17:15
Modified
2024-11-21 07:48
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://hackerone.com/reports/377107 | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://owncloud.com/security-advisories/oc-sa-2023-001/ | Vendor Advisory | |
| security-advisories@github.com | https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/377107 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.com/security-advisories/oc-sa-2023-001/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:android:*:*",
"matchCriteriaId": "58DF6EE2-DD7C-4458-B897-F00F2818B7EA",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app\u2019s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n ownCloud para Android permite a los usuarios de ownCloud acceder, compartir y editar archivos y carpetas. Antes de la versi\u00f3n 3.0, la aplicaci\u00f3n ten\u00eda una soluci\u00f3n incompleta para un problema de Path Traversal y era vulnerable a dos m\u00e9todos de omisi\u00f3n. Las omisiones pueden dar lugar a la divulgaci\u00f3n de informaci\u00f3n al cargar los archivos internos de la aplicaci\u00f3n y a la escritura arbitraria de archivos al cargar archivos de texto plano (aunque limitado por la extensi\u00f3n .txt). La versi\u00f3n 3.0 corrige las omisiones reportadas."
}
],
"id": "CVE-2023-24804",
"lastModified": "2024-11-21T07:48:25.763",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-13T17:15:11.487",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/377107"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/oc-sa-2023-001/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/377107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/oc-sa-2023-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 15:55
Modified
2024-11-21 01:47
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 3.0.0 | |
| owncloud | owncloud | 3.0.1 | |
| owncloud | owncloud | 3.0.2 | |
| owncloud | owncloud | 3.0.3 | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 | |
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5861C327-743A-41DF-8326-1696620194D3",
"versionEndIncluding": "4.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en settings.php en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.7 permite a administradores remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro del campo de entrada group."
}
],
"id": "CVE-2013-0307",
"lastModified": "2024-11-21T01:47:16.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-14T15:55:05.433",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-07 14:15
Modified
2024-11-21 06:52
Severity ?
Summary
ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:android:*:*",
"matchCriteriaId": "E078E880-E85D-42B1-8D09-5B5E911EBA03",
"versionEndExcluding": "2.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers."
},
{
"lang": "es",
"value": "ownCloud owncloud/android versiones anteriores a 2.20, presenta un Control de Acceso Incorrecto para atacantes f\u00edsicamente pr\u00f3ximos"
}
],
"id": "CVE-2022-25338",
"lastModified": "2024-11-21T06:52:02.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-07T14:15:07.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2022-25338/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.com/security-advisories/cve-2022-25338/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-08 14:59
Modified
2024-11-21 02:28
Severity ?
Summary
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.debian.org/security/2015/dsa-3244 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/74451 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://owncloud.org/security/advisory/?id=oc-sa-2015-003 | Patch, Vendor Advisory | |
| cve@mitre.org | https://owncloud.org/security/advisory/?id=oc-sa-2015-004 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3244 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74451 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisory/?id=oc-sa-2015-003 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owncloud.org/security/advisory/?id=oc-sa-2015-004 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4932BF1-5767-4E2D-8A3B-5AA5A0B3E242",
"versionEndExcluding": "5.0.19",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "707ABFBB-C8C4-4FB2-AA42-9D58C9039220",
"versionEndExcluding": "6.0.7",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDDAA762-36F8-48C7-B71B-1E832BF5B3D7",
"versionEndExcluding": "7.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file."
},
{
"lang": "es",
"value": "ownCloud Server anterior a 5.0.19, 6.x anterior a 6.0.7, y 7.x anterior a 7.0.5 permite a usuarios remotos autenticados evadir la lista negra de ficheros y subir ficheros arbitrarios a trav\u00e9s de una ruta de ficheros con la codificaci\u00f3n UTF-8, tal y como fue demostrado mediante la subida de un fichero .htaccess."
}
],
"id": "CVE-2015-3013",
"lastModified": "2024-11-21T02:28:30.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-08T14:59:04.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3244"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74451"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-004"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-05 15:44
Modified
2024-11-21 01:47
Severity ?
Summary
Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 4.0.0 | |
| owncloud | owncloud | 4.0.1 | |
| owncloud | owncloud | 4.0.2 | |
| owncloud | owncloud | 4.0.3 | |
| owncloud | owncloud | 4.0.4 | |
| owncloud | owncloud | 4.0.5 | |
| owncloud | owncloud | 4.0.6 | |
| owncloud | owncloud | 4.0.7 | |
| owncloud | owncloud | 4.0.8 | |
| owncloud | owncloud | 4.0.9 | |
| owncloud | owncloud | 4.0.10 | |
| amazon | sdk_tester | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5861C327-743A-41DF-8326-1696620194D3",
"versionEndIncluding": "4.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amazon:sdk_tester:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51FD3A46-C519-4A29-B752-BB703AF4D314",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to \"inclusion of the Amazon SDK testing suite.\" NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en ownCloud Server anterior a 4.0.12 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados relacionados con \u0027inclusi\u00f3n del suite de pruebas Amazon SDK.\u0027 NOTA: debido a una falta de detalles, no est\u00e1 claro si el problema existente en el mismo ownCloud o en Amazon SDK."
}
],
"id": "CVE-2013-0302",
"lastModified": "2024-11-21T01:47:15.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-05T15:44:07.527",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-005/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-04 18:59
Modified
2024-11-21 02:20
Severity ?
Summary
The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | * | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 | |
| owncloud | owncloud | 5.0.6 | |
| owncloud | owncloud | 5.0.7 | |
| owncloud | owncloud | 5.0.8 | |
| owncloud | owncloud | 5.0.9 | |
| owncloud | owncloud | 5.0.10 | |
| owncloud | owncloud | 5.0.11 | |
| owncloud | owncloud | 5.0.12 | |
| owncloud | owncloud | 5.0.13 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.14 | |
| owncloud | owncloud | 5.0.15 | |
| owncloud | owncloud | 5.0.16 | |
| owncloud | owncloud | 6.0.0 | |
| owncloud | owncloud | 6.0.1 | |
| owncloud | owncloud | 6.0.2 | |
| owncloud | owncloud | 6.0.3 | |
| owncloud | owncloud | 6.0.4 | |
| owncloud | owncloud | 6.0.5 | |
| owncloud | owncloud | 7.0.0 | |
| owncloud | owncloud | 7.0.1 | |
| owncloud | owncloud | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1258D6F1-DB48-4C47-AE81-F3E4FC79F6C4",
"versionEndIncluding": "5.0.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55475558-53CA-4764-9A70-1355D5759CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC3BCEC-9685-4899-91B6-1889FAB235C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D4055273-FBA3-46A7-9B0B-0A5A8BB2E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56985A58-4F38-4192-AEC3-7953184206E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D6510E0F-BA72-4591-8931-83974EFCDF0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "14E553AC-B7F1-4692-8BC7-C59CE39C5CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1D79C4-2B24-4E55-8217-FDC00F22EC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16960810-E5B8-45EC-A54D-55941B1E728A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF9CAFD-F2E5-4AD4-BB65-D04A87E8E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.14:a:*:*:*:*:*:*",
"matchCriteriaId": "2CFC0B6E-54A4-45DD-94FA-CB03E7DC36DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "35B4DF76-DD0D-4635-B26E-033542F26684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A92D0B1D-1AEE-4098-AD25-42D3FD839F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A499C18-61F0-486C-99E5-F6DD74EE5521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237F18EA-1A9B-4DE6-B604-12EB651F5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3240A4-27D1-475D-8AB1-79D54E549818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96C89F7E-F835-4DA3-9506-70545DD95834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE53A52-6BEB-47E8-A1BE-A094B4B066DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CD65CEF7-238A-4F0E-9203-3C9EB0DECF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n user_ldap (tambi\u00e9n conocido como el backend del usuario y grupo de LDAP) en ownCloud anterior a 5.0.18, 6.x anterior a 6.0.6, y 7.x anterior a 7.0.3 permite a atacantes remotos evadir la autenticaci\u00f3n a trav\u00e9s de un byte nulo en la contrase\u00f1a y un nombre de usuario v\u00e1lido, lo que provoca un enlace no autenticado."
}
],
"id": "CVE-2014-9043",
"lastModified": "2024-11-21T02:20:09.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-04T18:59:03.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-020"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-09 13:16
Modified
2024-11-21 01:50
Severity ?
Summary
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owncloud | owncloud | 4.5.0 | |
| owncloud | owncloud | 4.5.1 | |
| owncloud | owncloud | 4.5.2 | |
| owncloud | owncloud | 4.5.3 | |
| owncloud | owncloud | 4.5.4 | |
| owncloud | owncloud | 4.5.5 | |
| owncloud | owncloud | 4.5.6 | |
| owncloud | owncloud | 4.5.7 | |
| owncloud | owncloud | 4.5.8 | |
| owncloud | owncloud | 4.5.9 | |
| owncloud | owncloud | 4.5.10 | |
| owncloud | owncloud | 5.0.0 | |
| owncloud | owncloud | 5.0.1 | |
| owncloud | owncloud | 5.0.2 | |
| owncloud | owncloud | 5.0.3 | |
| owncloud | owncloud | 5.0.4 | |
| owncloud | owncloud | 5.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E1583C4C-6501-48ED-BF31-AFCF38C5D59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04C004-0238-424A-8364-9ED780850DC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F97DF5D-DC0E-43FB-B0D2-4AA8C2A5413D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en lib/bookmarks.php en ownCloud Server 4.5.x anterior a 4.5.11 y 5.x anterior a 5.0.6 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-2046",
"lastModified": "2024-11-21T01:50:55.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-09T13:16:56.287",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/93383"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-019"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2013/q2/324"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/59969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/93383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q2/324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/59969"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-15 17:55
Modified
2024-11-21 01:50
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:happyworm:jplayer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8CE8FC-9F97-42D8-A285-A0396A4E27CE",
"versionEndIncluding": "2.2.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:0.2.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "0C05F0A8-2769-4583-A475-97712D557775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:0.2.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "1C3991D8-DD4A-4622-A0E8-C65F9D73A429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:0.2.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "21F669D7-3D60-44BA-91F8-548C9903E1B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:0.2.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "A84C5A87-0430-46F6-A136-39B471A79200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:0.2.5:beta:*:*:*:*:*:*",
"matchCriteriaId": "671BBCBC-7347-4884-8CF0-79626756FCCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF21E522-89C8-49D6-8437-C54CEAE4B234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE1B6AA-052F-403D-B0E6-81505D085E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAACB377-B72E-4C3B-989D-8D33D47E449A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A619C177-6E97-42DC-A93F-1AB9FF62F4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29AD3C20-0352-44A2-81C5-94D43683545C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2573E598-5171-4A4B-9054-7E52DD1C8118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB9929D6-1BDE-438B-82F5-EA3CC85FD675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4277499-5570-427E-AA92-39E622992F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D662512-9A68-48C9-8362-913B432C67CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "154075A2-89E5-4104-A5A8-98F7C90B000F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9364A70E-06FA-4142-88D7-B5D50DC28025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "92A73773-E3E1-4E64-84F7-10A5AB52E8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1467D6-0988-4AC0-B56E-80BD9350088E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1F3549-1F8C-41AB-82BF-636531614594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AA58A0CE-0A37-4BD4-A727-7E2EB09668A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A54796-F789-4645-B82A-2466FDA010B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7C444A04-F6C4-45C2-9EDF-64D901003B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "5ECCC879-B1D0-4994-B650-1516ECE44E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3944BB3A-D84E-4536-BE69-0F5F5794271E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D99BED98-6C3E-4088-98C6-3D07762261C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "DFFAB697-EE0D-4F59-9D99-E585F9F78414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "018D71A2-7E77-42D1-8349-07681AEF08C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC30B1A-0D62-4A25-8269-CAF087FD65A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0796C534-782E-4000-9CD1-678B918D1644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "59B1FBE8-DF84-4AC7-B4C4-A186354DB57A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6B210F-A45D-4C9F-9005-CCFC49CC01A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "490C6A01-F0AC-4E92-BE7F-A6579A587269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F18250-C5B8-4D30-8330-C07EB0A765EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "76023F77-7B30-4283-B07A-6C4C0E3382A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0812334D-2679-4362-8EA3-C89E8786872C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "252DD6F7-8489-4387-8797-F6018456AD7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "7589B05C-E361-47CE-B5AB-70462348FC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "0D031586-D974-4B98-87CA-9695547B0080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2B1723-6C40-4992-BAE6-FCDB1C9AB7BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD668BB-C691-4A57-9E87-4AE2C2A9BC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "D9431D12-58B7-4943-8E1C-80559BF83ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8733FE-C6FC-433F-91D5-A843486788B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "698CB307-8F9A-40DF-A992-1346FC36E8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC42A34-54AD-4C9B-A664-3FE7E5D1C317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "4062AFBE-E501-447E-9C05-B7C07473D096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8467C8-9A25-45FF-8955-EDE06AA6ED50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B35B9F1E-8FB0-4B3F-9CCE-A1A058A13582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63C62C17-DB82-4770-9C25-C5571C0CFD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B6617C-7C6A-4A1D-8D7F-4BFB16253396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08E970BC-1C31-4FB5-A848-A98CED0711D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B790B03-4E29-4C20-86A6-FBED36647789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "04DF09ED-1209-4C0C-A589-99D4049DB0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF64FC2-CCB2-4709-81FB-6CFB1D6269C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA24DA7-D0F8-4478-97CA-3144C9E3E0C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85DC9D2C-B237-4C5C-91BC-41A765F6EA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D662D8BD-7C84-405F-8958-D61268318144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B62E1BCC-14FC-42B1-B783-0314481C6D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B9F733A-D5D5-453B-ACB7-45177BF44B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "30195444-2815-4D11-96EC-E2F401D681A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7BFE4E-74B4-44B4-A64A-04311E8C1867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCB595B-0E1D-4FA8-95C0-2C7972056B3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B8009A6-EDD4-4C00-A767-B72CC6E0F3D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC0C8AC-EAD3-4067-B8E8-A217A1A91DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E24FF8E-88D4-47F4-9144-D2FEA7F9D1CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BB102921-177A-4290-904C-8369F83DD0E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF1864F-DC3B-4BBD-B809-C073C625DC76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "51C8FF95-B063-4777-8BE5-2E3FD2F41141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DBDEBEA6-4299-4390-A40D-448EB5D6B410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0E000589-7D68-47D5-80E6-20189C48600C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6B63C4ED-C675-4B02-AF70-899A2619BF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D52294B4-7963-44C9-B577-80F41AB9F70A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:happyworm:jplayer:2.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5E7A83-6237-48E6-9E22-A2FAE00CF735",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7189069-5B67-4503-B7B4-942D47EB0473",
"versionEndIncluding": "5.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C88496-C383-4C6B-ABCC-362EF6C6DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1BD85-6443-438C-9490-C39BD6970F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "786C0B60-FFF9-4B54-91AD-C8A177FF7D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D4011972-8C9A-47DA-B7E1-BC1951AEC51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "59C62AA4-A398-4D20-B0D4-18437027AE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "74FD954F-460F-42F0-A8B2-EC46710E3C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0C079E-48B7-4266-A343-D555C0ECD611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7B48E86B-7685-4EB0-9172-492842DEEE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A670DD33-A604-4BD4-8235-4500B05F518E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C77250D-017E-4907-923E-127227EB68CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E1583C4C-6501-48ED-BF31-AFCF38C5D59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04C004-0238-424A-8364-9ED780850DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "79736879-F5A3-4769-862F-531BDDC946B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1754FC-6F84-43F0-89E0-596A05B6E42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9103C7E8-A6A3-4AF7-B303-4E9EF008EBF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43448288-B129-4210-9680-55836869F09F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en actionscript/Jplayer.as en el componente Flash SWF (jplayer.swf) en jPlayer en versiones anteriores a 2.2.20, como se utiliza en ownCloud Server en versiones anteriores a 5.0.4 y otros productos, permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de los par\u00e1metros (1) jQuery o (2) id, como se demuestra usando document.write en el par\u00e1metro jQuery, una vulnerabilidad diferente a CVE-2013-2022 y CVE-2013-2023."
}
],
"id": "CVE-2013-1942",
"lastModified": "2024-11-21T01:50:43.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-15T17:55:24.400",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=136570964825921\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=136726705917858\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=136773622321563\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-014/"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2013/Apr/192"
},
{
"source": "secalert@redhat.com",
"url": "http://www.jplayer.org/2.3.0/release-notes/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/59030"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=136570964825921\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=136726705917858\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=136773622321563\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-014/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Apr/192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.jplayer.org/2.3.0/release-notes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/59030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2012-2270
Vulnerability from cvelistv5
Published
2012-04-20 10:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/security/advisories/CVE-2012-2270/ | x_refsource_CONFIRM | |
| http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2012/08/11/1 | mailing-list, x_refsource_MLIST | |
| http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.openwall.com/lists/oss-security/2012/09/02/2 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/48850 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/53145 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75029 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/81211 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/security/advisories/CVE-2012-2270/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "20120418 TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "48850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48850"
},
{
"name": "53145",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53145"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html"
},
{
"name": "owncloud-index-open-redirect(75029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75029"
},
{
"name": "81211",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-03T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/security/advisories/CVE-2012-2270/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "20120418 TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "48850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48850"
},
{
"name": "53145",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53145"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html"
},
{
"name": "owncloud-index-open-redirect(75029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75029"
},
{
"name": "81211",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/security/advisories/CVE-2012-2270/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/security/advisories/CVE-2012-2270/"
},
{
"name": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt",
"refsource": "MISC",
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "20120418 TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "48850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48850"
},
{
"name": "53145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53145"
},
{
"name": "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html"
},
{
"name": "owncloud-index-open-redirect(75029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75029"
},
{
"name": "81211",
"refsource": "OSVDB",
"url": "http://osvdb.org/81211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2270",
"datePublished": "2012-04-20T10:00:00",
"dateReserved": "2012-04-17T00:00:00",
"dateUpdated": "2024-08-06T19:26:09.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5606
Vulnerability from cvelistv5
Published
2012-12-18 01:00
Modified
2024-09-16 19:24
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/owncloud/core/commit/e5f2d46 | x_refsource_CONFIRM | |
| https://github.com/owncloud/core/commit/ce66759 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/51357 | third-party-advisory, x_refsource_SECUNIA | |
| http://owncloud.org/security/advisories/oc-sa-2012-001/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/11/30/3 | mailing-list, x_refsource_MLIST | |
| http://owncloud.org/changelog/ | x_refsource_CONFIRM | |
| https://github.com/owncloud/core/commit/e45f36c | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/e5f2d46"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/ce66759"
},
{
"name": "51357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51357"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-001/"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/e45f36c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-18T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/e5f2d46"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/ce66759"
},
{
"name": "51357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51357"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-001/"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/e45f36c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/owncloud/core/commit/e5f2d46",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/e5f2d46"
},
{
"name": "https://github.com/owncloud/core/commit/ce66759",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/ce66759"
},
{
"name": "51357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51357"
},
{
"name": "http://owncloud.org/security/advisories/oc-sa-2012-001/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/security/advisories/oc-sa-2012-001/"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
},
{
"name": "https://github.com/owncloud/core/commit/e45f36c",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/e45f36c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5606",
"datePublished": "2012-12-18T01:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-09-16T19:24:47.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2051
Vulnerability from cvelistv5
Published
2014-06-05 15:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2014-005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a \"login query.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-05T14:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a \"login query.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2014-005/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2051",
"datePublished": "2014-06-05T15:00:00",
"dateReserved": "2014-02-19T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2048
Vulnerability from cvelistv5
Published
2018-03-26 18:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisories/insecure-openid-implementation/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91973 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisories/insecure-openid-implementation/"
},
{
"name": "owncloud-cve20142048-sec-bypass(91973)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91973"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-26T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisories/insecure-openid-implementation/"
},
{
"name": "owncloud-cve20142048-sec-bypass(91973)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisories/insecure-openid-implementation/",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisories/insecure-openid-implementation/"
},
{
"name": "owncloud-cve20142048-sec-bypass(91973)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2048",
"datePublished": "2018-03-26T18:00:00",
"dateReserved": "2014-02-19T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1850
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-009/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-009/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-009/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-009/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1850",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1967
Vulnerability from cvelistv5
Published
2014-02-05 15:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83647 | vdb-entry, x_refsource_XF | |
| https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=955307 | x_refsource_CONFIRM | |
| http://seclists.org/oss-sec/2013/q2/111 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/53079 | third-party-advisory, x_refsource_SECUNIA | |
| http://owncloud.org/about/security/advisories/oC-SA-2013-017 | x_refsource_CONFIRM | |
| http://seclists.org/oss-sec/2013/q2/133 | mailing-list, x_refsource_MLIST | |
| https://github.com/johndyer/mediaelement/tree/2.11.1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mediaelementjs-flashmediaelement-xss(83647)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83647"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=955307"
},
{
"name": "[oss-security] 20130417 Fwd: Re: CVE Request: ownCloud 5.0.5 and 4.5.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q2/111"
},
{
"name": "53079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53079"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-017"
},
{
"name": "[oss-security] 20130421 ownCloud Security Advisories (2013-017, 2013-018)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q2/133"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/johndyer/mediaelement/tree/2.11.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "mediaelementjs-flashmediaelement-xss(83647)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83647"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=955307"
},
{
"name": "[oss-security] 20130417 Fwd: Re: CVE Request: ownCloud 5.0.5 and 4.5.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q2/111"
},
{
"name": "53079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53079"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-017"
},
{
"name": "[oss-security] 20130421 ownCloud Security Advisories (2013-017, 2013-018)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q2/133"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/johndyer/mediaelement/tree/2.11.1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1967",
"datePublished": "2014-02-05T15:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5666
Vulnerability from cvelistv5
Published
2013-01-03 01:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/57030 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2012/12/22/5 | mailing-list, x_refsource_MLIST | |
| http://owncloud.org/changelog/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/51614 | third-party-advisory, x_refsource_SECUNIA | |
| https://github.com/owncloud/apps/commit/eafa9b2 | x_refsource_CONFIRM | |
| https://github.com/owncloud/core/commit/b24c929cc0 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/12/22/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57030",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57030"
},
{
"name": "[oss-security] 20121221 Re: CVE request: ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
},
{
"name": "51614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51614"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/apps/commit/eafa9b2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/b24c929cc0"
},
{
"name": "[oss-security] 20121221 CVE request: ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-03T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "57030",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57030"
},
{
"name": "[oss-security] 20121221 Re: CVE request: ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
},
{
"name": "51614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51614"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/apps/commit/eafa9b2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/b24c929cc0"
},
{
"name": "[oss-security] 20121221 CVE request: ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57030"
},
{
"name": "[oss-security] 20121221 Re: CVE request: ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/5"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
},
{
"name": "51614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51614"
},
{
"name": "https://github.com/owncloud/apps/commit/eafa9b2",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/apps/commit/eafa9b2"
},
{
"name": "https://github.com/owncloud/core/commit/b24c929cc0",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/b24c929cc0"
},
{
"name": "[oss-security] 20121221 CVE request: ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5666",
"datePublished": "2013-01-03T01:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-09-16T20:27:10.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9048
Vulnerability from cvelistv5
Published
2015-02-04 18:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2014-024 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-04T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-024"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-024",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-024"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9048",
"datePublished": "2015-02-04T18:00:00",
"dateReserved": "2014-11-21T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9466
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nextcloud.com/security/advisory/?id=nc-sa-2016-009 | x_refsource_MISC | |
| https://github.com/nextcloud/gallery/commit/f9ef505c1d60c9041e251682e0f6b3daad952d58 | x_refsource_MISC | |
| https://hackerone.com/reports/165686 | x_refsource_MISC | |
| https://owncloud.org/security/advisory/?id=oc-sa-2016-019 | x_refsource_MISC | |
| https://github.com/owncloud/gallery/commit/dc4887f1afcc0cf304f4a0694075c9364298ad8a | x_refsource_MISC | |
| https://github.com/owncloud/gallery/commit/b3b3772fb9bec61ba10d357bef42b676fa474eee | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Nextcloud Server & ownCloud Server Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 |
Version: Nextcloud Server & ownCloud Server Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-009"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/gallery/commit/f9ef505c1d60c9041e251682e0f6b3daad952d58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/165686"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/gallery/commit/dc4887f1afcc0cf304f4a0694075c9364298ad8a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/gallery/commit/b3b3772fb9bec61ba10d357bef42b676fa474eee"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-009"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/gallery/commit/f9ef505c1d60c9041e251682e0f6b3daad952d58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/165686"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/gallery/commit/dc4887f1afcc0cf304f4a0694075c9364298ad8a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/gallery/commit/b3b3772fb9bec61ba10d357bef42b676fa474eee"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2",
"version": {
"version_data": [
{
"version_value": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-009",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-009"
},
{
"name": "https://github.com/nextcloud/gallery/commit/f9ef505c1d60c9041e251682e0f6b3daad952d58",
"refsource": "MISC",
"url": "https://github.com/nextcloud/gallery/commit/f9ef505c1d60c9041e251682e0f6b3daad952d58"
},
{
"name": "https://hackerone.com/reports/165686",
"refsource": "MISC",
"url": "https://hackerone.com/reports/165686"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-019",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-019"
},
{
"name": "https://github.com/owncloud/gallery/commit/dc4887f1afcc0cf304f4a0694075c9364298ad8a",
"refsource": "MISC",
"url": "https://github.com/owncloud/gallery/commit/dc4887f1afcc0cf304f4a0694075c9364298ad8a"
},
{
"name": "https://github.com/owncloud/gallery/commit/b3b3772fb9bec61ba10d357bef42b676fa474eee",
"refsource": "MISC",
"url": "https://github.com/owncloud/gallery/commit/b3b3772fb9bec61ba10d357bef42b676fa474eee"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9466",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4391
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-09-17 00:16
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/owncloud/core/commit/5192eecce239a0b7ade1e60a6cf03075e5cfc188 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/09/02/2 | mailing-list, x_refsource_MLIST | |
| http://owncloud.org/changelog/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/5192eecce239a0b7ade1e60a6cf03075e5cfc188"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/5192eecce239a0b7ade1e60a6cf03075e5cfc188"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/owncloud/core/commit/5192eecce239a0b7ade1e60a6cf03075e5cfc188",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/5192eecce239a0b7ade1e60a6cf03075e5cfc188"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4391",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-17T00:16:37.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10254
Vulnerability from cvelistv5
Published
2021-02-19 06:02
Modified
2024-08-04 10:58
Severity ?
EPSS score ?
Summary
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/changelog/server/ | x_refsource_MISC | |
| https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=44 | x_refsource_MISC | |
| https://owncloud.com/security-advisories/public-link-password-bypass-via-image-previews/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/changelog/server/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.hacktivesecurity.com/index.php?controller=post\u0026action=view\u0026id_post=44"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/public-link-password-bypass-via-image-previews/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T06:02:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/changelog/server/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.hacktivesecurity.com/index.php?controller=post\u0026action=view\u0026id_post=44"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.com/security-advisories/public-link-password-bypass-via-image-previews/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/changelog/server/",
"refsource": "MISC",
"url": "https://owncloud.org/changelog/server/"
},
{
"name": "https://blog.hacktivesecurity.com/index.php?controller=post\u0026action=view\u0026id_post=44",
"refsource": "MISC",
"url": "https://blog.hacktivesecurity.com/index.php?controller=post\u0026action=view\u0026id_post=44"
},
{
"name": "https://owncloud.com/security-advisories/public-link-password-bypass-via-image-previews/",
"refsource": "CONFIRM",
"url": "https://owncloud.com/security-advisories/public-link-password-bypass-via-image-previews/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10254",
"datePublished": "2021-02-19T06:02:12",
"dateReserved": "2020-03-09T00:00:00",
"dateUpdated": "2024-08-04T10:58:40.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2398
Vulnerability from cvelistv5
Published
2012-04-20 10:00
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/08/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/09/02/2 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/48850 | third-party-advisory, x_refsource_SECUNIA | |
| http://owncloud.org/security/advisories/cve-2012-2398/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:24.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "48850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48850"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/security/advisories/cve-2012-2398/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "48850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48850"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/security/advisories/cve-2012-2398/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "48850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48850"
},
{
"name": "http://owncloud.org/security/advisories/cve-2012-2398/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/security/advisories/cve-2012-2398/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2398",
"datePublished": "2012-04-20T10:00:00",
"dateReserved": "2012-04-20T00:00:00",
"dateUpdated": "2024-08-06T19:34:24.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6403
Vulnerability from cvelistv5
Published
2013-12-24 18:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/55792 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2013/11/28/6 | mailing-list, x_refsource_MLIST | |
| http://owncloud.org/changelog/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89323 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55792",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55792"
},
{
"name": "[oss-security] 20131128 Re: CVE Request: ownCloud security bypass on admin page",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
},
{
"name": "owncloud-cve20136403-security-bypass(89323)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55792",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55792"
},
{
"name": "[oss-security] 20131128 Re: CVE Request: ownCloud security bypass on admin page",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
},
{
"name": "owncloud-cve20136403-security-bypass(89323)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89323"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55792",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55792"
},
{
"name": "[oss-security] 20131128 Re: CVE Request: ownCloud security bypass on admin page",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/6"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
},
{
"name": "owncloud-cve20136403-security-bypass(89323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89323"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6403",
"datePublished": "2013-12-24T18:00:00",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2041
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2041",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3836
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oc-sa-2014-014/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-014/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-014/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oc-sa-2014-014/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-014/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3836",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2014-05-22T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0301
Vulnerability from cvelistv5
Published
2014-03-14 17:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-004/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T16:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0301",
"datePublished": "2014-03-14T17:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1941
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-015/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-015/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-015/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-015/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-015/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1941",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1939
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/forum/?fromgroups=#%21topic/sabredav-discuss/ehOUu7wTSGQ | x_refsource_CONFIRM | |
| http://owncloud.org/about/security/advisories/oC-SA-2013-016/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/?fromgroups=#%21topic/sabredav-discuss/ehOUu7wTSGQ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-016/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTML\\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \\ (backslash) character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/?fromgroups=#%21topic/sabredav-discuss/ehOUu7wTSGQ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-016/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTML\\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \\ (backslash) character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/?fromgroups=#!topic/sabredav-discuss/ehOUu7wTSGQ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/?fromgroups=#!topic/sabredav-discuss/ehOUu7wTSGQ"
},
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-016/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-016/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1939",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-43679
Vulnerability from cvelistv5
Published
2022-11-10 00:00
Modified
2024-08-03 13:40
Severity ?
EPSS score ?
Summary
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.com |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:05.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://owncloud.com"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:L/I:L/PR:N/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-10T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://owncloud.com"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-43679",
"datePublished": "2022-11-10T00:00:00",
"dateReserved": "2022-10-24T00:00:00",
"dateUpdated": "2024-08-03T13:40:05.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2046
Vulnerability from cvelistv5
Published
2014-03-07 20:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2013/q2/324 | mailing-list, x_refsource_MLIST | |
| http://owncloud.org/about/security/advisories/oC-SA-2013-019 | x_refsource_CONFIRM | |
| http://osvdb.org/93383 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/59969 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130514 ownCloud Security Advisories oC-SA-0{19-27}",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q2/324"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-019"
},
{
"name": "93383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/93383"
},
{
"name": "59969",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59969"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-07T19:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130514 ownCloud Security Advisories oC-SA-0{19-27}",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q2/324"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-019"
},
{
"name": "93383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/93383"
},
{
"name": "59969",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/59969"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2046",
"datePublished": "2014-03-07T20:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-28644
Vulnerability from cvelistv5
Published
2021-02-09 18:18
Modified
2024-08-04 16:40
Severity ?
EPSS score ?
Summary
The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.com/security-advisories/cross-site-request-forgery-in-the-ocs-api/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/cross-site-request-forgery-in-the-ocs-api/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version \u003c 10.6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-09T18:18:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/cross-site-request-forgery-in-the-ocs-api/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version \u003c 10.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.com/security-advisories/cross-site-request-forgery-in-the-ocs-api/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/cross-site-request-forgery-in-the-ocs-api/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28644",
"datePublished": "2021-02-09T18:18:35",
"dateReserved": "2020-11-16T00:00:00",
"dateUpdated": "2024-08-04T16:40:59.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5608
Vulnerability from cvelistv5
Published
2012-12-18 01:00
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/51357 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/11/30/3 | mailing-list, x_refsource_MLIST | |
| http://owncloud.org/changelog/ | x_refsource_CONFIRM | |
| http://owncloud.org/security/advisories/oc-sa-2012-003/ | x_refsource_CONFIRM | |
| https://github.com/owncloud/core/commit/054c168 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:15.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51357"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-003/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/054c168"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-18T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "51357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51357"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-003/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/054c168"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51357"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
},
{
"name": "http://owncloud.org/security/advisories/oc-sa-2012-003/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/security/advisories/oc-sa-2012-003/"
},
{
"name": "https://github.com/owncloud/core/commit/054c168",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/054c168"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5608",
"datePublished": "2012-12-18T01:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-09-16T17:33:12.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5336
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 21:05
Severity ?
EPSS score ?
Summary
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/CVE-2012-5336/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5336/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5336/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/CVE-2012-5336/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5336/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5336",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2012-10-08T00:00:00",
"dateUpdated": "2024-08-06T21:05:47.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4396
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-09-17 03:14
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254"
},
{
"name": "https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438"
},
{
"name": "https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7"
},
{
"name": "https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5"
},
{
"name": "https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c"
},
{
"name": "https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb"
},
{
"name": "https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4396",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-17T03:14:34.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1500
Vulnerability from cvelistv5
Published
2016-01-08 21:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2016-003 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the \"file_versions\" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with \".v\" and belonging to a sharing user by leveraging an incoming share."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-08T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the \"file_versions\" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with \".v\" and belonging to a sharing user by leveraging an incoming share."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-003",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1500",
"datePublished": "2016-01-08T21:00:00",
"dateReserved": "2016-01-06T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5876
Vulnerability from cvelistv5
Published
2017-01-23 21:00
Modified
2024-08-06 01:15
Severity ?
EPSS score ?
Summary
ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95861 | vdb-entry, x_refsource_BID | |
| https://owncloud.org/security/advisory/?id=oc-sa-2016-010 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:09.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95861"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-31T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95861"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-010"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95861"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-010",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-010"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5876",
"datePublished": "2017-01-23T21:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:15:09.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9047
Vulnerability from cvelistv5
Published
2015-02-04 18:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read arbitrary files via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2014-026 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-04T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-026",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9047",
"datePublished": "2015-02-04T18:00:00",
"dateReserved": "2014-11-21T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5866
Vulnerability from cvelistv5
Published
2017-03-03 15:00
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2017-002 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96426 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-002"
},
{
"name": "96426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96426"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-002"
},
{
"name": "96426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96426"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2017-002",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-002"
},
{
"name": "96426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96426"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5866",
"datePublished": "2017-03-03T15:00:00",
"dateReserved": "2017-02-02T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0298
Vulnerability from cvelistv5
Published
2014-03-14 15:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T14:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0298",
"datePublished": "2014-03-14T15:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25338
Vulnerability from cvelistv5
Published
2022-04-07 14:01
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.com/security-advisories/cve-2022-25338/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/cve-2022-25338/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-07T14:01:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/cve-2022-25338/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.com/security-advisories/cve-2022-25338/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/cve-2022-25338/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25338",
"datePublished": "2022-04-07T14:01:39",
"dateReserved": "2022-02-18T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-16255
Vulnerability from cvelistv5
Published
2021-01-15 17:04
Modified
2024-08-04 13:37
Severity ?
EPSS score ?
Summary
ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisories/ | x_refsource_MISC | |
| https://owncloud.com/security-advisories/reflected-xss-in-login-page-forgot-password-functionallity/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/advisories/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/reflected-xss-in-login-page-forgot-password-functionallity/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ownCloud (Core) before 10.5 allows XSS in login page \u0027forgot password.\u0027"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T17:04:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/advisories/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/reflected-xss-in-login-page-forgot-password-functionallity/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud (Core) before 10.5 allows XSS in login page \u0027forgot password.\u0027"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisories/",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisories/"
},
{
"name": "https://owncloud.com/security-advisories/reflected-xss-in-login-page-forgot-password-functionallity/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/reflected-xss-in-login-page-forgot-password-functionallity/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16255",
"datePublished": "2021-01-15T17:04:47",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2024-08-04T13:37:54.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0302
Vulnerability from cvelistv5
Published
2014-06-05 15:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to \"inclusion of the Amazon SDK testing suite.\" NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-05T14:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to \"inclusion of the Amazon SDK testing suite.\" NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-005/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0302",
"datePublished": "2014-06-05T15:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1893
Vulnerability from cvelistv5
Published
2014-03-07 20:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-012 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/58855 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83253 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-012"
},
{
"name": "58855",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58855"
},
{
"name": "owncloud-addressbookprovider-sql-injection(83253)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83253"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-012"
},
{
"name": "58855",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58855"
},
{
"name": "owncloud-addressbookprovider-sql-injection(83253)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83253"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-012",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-012"
},
{
"name": "58855",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58855"
},
{
"name": "owncloud-addressbookprovider-sql-injection(83253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83253"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1893",
"datePublished": "2014-03-07T20:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3835
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oc-sa-2014-012/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-012/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-012/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oc-sa-2014-012/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-012/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3835",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2014-05-22T00:00:00",
"dateUpdated": "2024-08-06T10:57:18.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0204
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-002/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0204",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1501
Vulnerability from cvelistv5
Published
2016-01-08 21:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2016-004 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-08T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-004",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1501",
"datePublished": "2016-01-08T21:00:00",
"dateReserved": "2016-01-06T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9460
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/145463 | x_refsource_MISC | |
| https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c | x_refsource_MISC | |
| https://owncloud.org/security/advisory/?id=oc-sa-2016-013 | x_refsource_MISC | |
| https://nextcloud.com/security/advisory/?id=nc-sa-2016-003 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/97282 | vdb-entry, x_refsource_BID | |
| https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983 | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf | x_refsource_MISC | |
| https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 |
Version: Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/145463"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003"
},
{
"name": "97282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97282"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-03T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/145463"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003"
},
{
"name": "97282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97282"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4",
"version": {
"version_data": [
{
"version_value": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/145463",
"refsource": "MISC",
"url": "https://hackerone.com/reports/145463"
},
{
"name": "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-013",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-013"
},
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003"
},
{
"name": "97282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97282"
},
{
"name": "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983"
},
{
"name": "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf"
},
{
"name": "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9460",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2042
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2042",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9041
Vulnerability from cvelistv5
Published
2015-02-04 18:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2014-027 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-04T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-027"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-027",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-027"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9041",
"datePublished": "2015-02-04T18:00:00",
"dateReserved": "2014-11-21T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1963
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-018/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-018/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1963",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9042
Vulnerability from cvelistv5
Published
2015-02-04 18:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2014-028 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-04T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-028"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-028",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-028"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9042",
"datePublished": "2015-02-04T18:00:00",
"dateReserved": "2014-11-21T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9049
Vulnerability from cvelistv5
Published
2015-02-04 18:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2014-025 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-04T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-025",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9049",
"datePublished": "2015-02-04T18:00:00",
"dateReserved": "2014-11-21T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23948
Vulnerability from cvelistv5
Published
2023-02-13 16:30
Modified
2024-08-02 10:49
Severity ?
EPSS score ?
Summary
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:49:07.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "ownCloud",
"versions": [
{
"status": "affected",
"version": "\u003c= 3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T16:30:18.434Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/"
}
],
"source": {
"advisory": "GHSA-frxf-4q42-58fg",
"discovery": "UNKNOWN"
},
"title": "ownCloud Android app vulnerable to SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23948",
"datePublished": "2023-02-13T16:30:18.434Z",
"dateReserved": "2023-01-19T21:12:31.362Z",
"dateUpdated": "2024-08-02T10:49:07.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9465
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nextcloud.com/security/advisory/?id=nc-sa-2016-008 | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e | x_refsource_MISC | |
| https://hackerone.com/reports/163338 | x_refsource_MISC | |
| https://owncloud.org/security/advisory/?id=oc-sa-2016-018 | x_refsource_MISC | |
| https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0 | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Nextcloud Server & ownCloud Server Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 |
Version: Nextcloud Server & ownCloud Server Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-008"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/163338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-018"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-008"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/163338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-018"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2",
"version": {
"version_data": [
{
"version_value": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server before 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-008",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-008"
},
{
"name": "https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e"
},
{
"name": "https://hackerone.com/reports/163338",
"refsource": "MISC",
"url": "https://hackerone.com/reports/163338"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-018",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-018"
},
{
"name": "https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0"
},
{
"name": "https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9465",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2269
Vulnerability from cvelistv5
Published
2012-04-20 10:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/81210 | vdb-entry, x_refsource_OSVDB | |
| http://owncloud.org/security/advisories/CVE-2012-2269/ | x_refsource_CONFIRM | |
| http://osvdb.org/81206 | vdb-entry, x_refsource_OSVDB | |
| http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2012/08/11/1 | mailing-list, x_refsource_MLIST | |
| http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.openwall.com/lists/oss-security/2012/09/02/2 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/48850 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/81209 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/53145 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/81207 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/81208 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75028 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "81210",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81210"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/security/advisories/CVE-2012-2269/"
},
{
"name": "81206",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "20120418 TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "48850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48850"
},
{
"name": "81209",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81209"
},
{
"name": "53145",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53145"
},
{
"name": "81207",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81207"
},
{
"name": "81208",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81208"
},
{
"name": "owncloud-multiple1-xss(75028)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-03T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "81210",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81210"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/security/advisories/CVE-2012-2269/"
},
{
"name": "81206",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "20120418 TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "48850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48850"
},
{
"name": "81209",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81209"
},
{
"name": "53145",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53145"
},
{
"name": "81207",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81207"
},
{
"name": "81208",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81208"
},
{
"name": "owncloud-multiple1-xss(75028)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75028"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81210",
"refsource": "OSVDB",
"url": "http://osvdb.org/81210"
},
{
"name": "http://owncloud.org/security/advisories/CVE-2012-2269/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/security/advisories/CVE-2012-2269/"
},
{
"name": "81206",
"refsource": "OSVDB",
"url": "http://osvdb.org/81206"
},
{
"name": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt",
"refsource": "MISC",
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "20120418 TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "48850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48850"
},
{
"name": "81209",
"refsource": "OSVDB",
"url": "http://osvdb.org/81209"
},
{
"name": "53145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53145"
},
{
"name": "81207",
"refsource": "OSVDB",
"url": "http://osvdb.org/81207"
},
{
"name": "81208",
"refsource": "OSVDB",
"url": "http://osvdb.org/81208"
},
{
"name": "owncloud-multiple1-xss(75028)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75028"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2269",
"datePublished": "2012-04-20T10:00:00",
"dateReserved": "2012-04-17T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4393
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/08/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/09/02/2 | mailing-list, x_refsource_MLIST | |
| https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745 | x_refsource_CONFIRM | |
| http://owncloud.org/changelog/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4393",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-16T21:57:08.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35949
Vulnerability from cvelistv5
Published
2021-09-07 18:59
Modified
2024-08-04 00:47
Severity ?
EPSS score ?
Summary
The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.
References
| ▼ | URL | Tags |
|---|---|---|
| https://doc.owncloud.com/server/admin_manual/release_notes.html | x_refsource_MISC | |
| https://owncloud.com/security-advisories/cve-2021-35949/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:42.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35949/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-07T18:59:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35949/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-35949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.owncloud.com/server/admin_manual/release_notes.html",
"refsource": "MISC",
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"name": "https://owncloud.com/security-advisories/cve-2021-35949/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/cve-2021-35949/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-35949",
"datePublished": "2021-09-07T18:59:40",
"dateReserved": "2021-06-29T00:00:00",
"dateUpdated": "2024-08-04T00:47:42.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5955
Vulnerability from cvelistv5
Published
2015-10-29 20:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2015-013 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:06:35.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-29T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-013",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5955",
"datePublished": "2015-10-29T20:00:00",
"dateReserved": "2015-08-06T00:00:00",
"dateUpdated": "2024-08-06T07:06:35.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-49105
Vulnerability from cvelistv5
Published
2023-11-21 00:00
Modified
2024-08-29 20:42
Severity ?
EPSS score ?
Summary
An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:29.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://owncloud.org/security"
},
{
"tags": [
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/webdav-api-authentication-bypass-using-pre-signed-urls/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-28T05:00:24.236864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:42:13.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-21T21:25:15.077730",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://owncloud.org/security"
},
{
"url": "https://owncloud.com/security-advisories/webdav-api-authentication-bypass-using-pre-signed-urls/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49105",
"datePublished": "2023-11-21T00:00:00",
"dateReserved": "2023-11-21T00:00:00",
"dateUpdated": "2024-08-29T20:42:13.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7698
Vulnerability from cvelistv5
Published
2015-10-21 18:00
Modified
2024-08-06 07:58
Severity ?
EPSS score ?
Summary
icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2015-017 | x_refsource_CONFIRM | |
| https://github.com/icewind1991/SMB/commit/33ab10cc4d5c3e48cba3a074b5f9fc67590cd032 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-017"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/icewind1991/SMB/commit/33ab10cc4d5c3e48cba3a074b5f9fc67590cd032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-21T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-017"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/icewind1991/SMB/commit/33ab10cc4d5c3e48cba3a074b5f9fc67590cd032"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-017",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-017"
},
{
"name": "https://github.com/icewind1991/SMB/commit/33ab10cc4d5c3e48cba3a074b5f9fc67590cd032",
"refsource": "CONFIRM",
"url": "https://github.com/icewind1991/SMB/commit/33ab10cc4d5c3e48cba3a074b5f9fc67590cd032"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7698",
"datePublished": "2015-10-21T18:00:00",
"dateReserved": "2015-10-04T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1498
Vulnerability from cvelistv5
Published
2016-01-08 21:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2016-001 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-08T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-001",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1498",
"datePublished": "2016-01-08T21:00:00",
"dateReserved": "2016-01-06T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9461
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2016-014 | x_refsource_MISC | |
| https://nextcloud.com/security/advisory/?id=nc-sa-2016-004 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/97276 | vdb-entry, x_refsource_BID | |
| https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47 | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9 | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547 | x_refsource_MISC | |
| https://hackerone.com/reports/145950 | x_refsource_MISC | |
| https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 |
Version: Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"
},
{
"name": "97276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97276"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/145950"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-275",
"description": "Permission Issues (CWE-275)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-03T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"
},
{
"name": "97276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97276"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/145950"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4",
"version": {
"version_data": [
{
"version_value": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permission Issues (CWE-275)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"
},
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"
},
{
"name": "97276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97276"
},
{
"name": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"
},
{
"name": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"
},
{
"name": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"
},
{
"name": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"
},
{
"name": "https://hackerone.com/reports/145950",
"refsource": "MISC",
"url": "https://hackerone.com/reports/145950"
},
{
"name": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9461",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3833
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oc-sa-2014-010 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-010"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oc-sa-2014-010",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-010"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3833",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2014-05-22T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4397
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-09-17 00:47
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/08/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/09/02/2 | mailing-list, x_refsource_MLIST | |
| https://github.com/owncloud/core/commit/00595351400523168e18a08e3ffa5c3b1e7c1f6e | x_refsource_CONFIRM | |
| https://github.com/owncloud/core/commit/54a371700554ed21a5cb7db03126b6c95ae4cbd3 | x_refsource_CONFIRM | |
| http://owncloud.org/changelog/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/00595351400523168e18a08e3ffa5c3b1e7c1f6e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/54a371700554ed21a5cb7db03126b6c95ae4cbd3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/00595351400523168e18a08e3ffa5c3b1e7c1f6e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/54a371700554ed21a5cb7db03126b6c95ae4cbd3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "https://github.com/owncloud/core/commit/00595351400523168e18a08e3ffa5c3b1e7c1f6e",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/00595351400523168e18a08e3ffa5c3b1e7c1f6e"
},
{
"name": "https://github.com/owncloud/core/commit/54a371700554ed21a5cb7db03126b6c95ae4cbd3",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/54a371700554ed21a5cb7db03126b6c95ae4cbd3"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4397",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-17T00:47:02.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3837
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oc-sa-2014-015/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-015/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-015/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oc-sa-2014-015/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-015/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3837",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2014-05-22T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5953
Vulnerability from cvelistv5
Published
2015-10-21 15:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2015/dsa-3373 | vendor-advisory, x_refsource_DEBIAN | |
| https://owncloud.org/security/advisory/?id=oc-sa-2015-010 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:06:35.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a \" (double quote) character in a filename in a shared folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-010"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a \" (double quote) character in a filename in a shared folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3373",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-010",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-010"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5953",
"datePublished": "2015-10-21T15:00:00",
"dateReserved": "2015-08-06T00:00:00",
"dateUpdated": "2024-08-06T07:06:35.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24804
Vulnerability from cvelistv5
Published
2023-02-13 16:28
Modified
2024-08-02 11:03
Severity ?
EPSS score ?
Summary
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/ | x_refsource_CONFIRM | |
| https://hackerone.com/reports/377107 | x_refsource_MISC | |
| https://owncloud.com/security-advisories/oc-sa-2023-001/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:19.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/"
},
{
"name": "https://hackerone.com/reports/377107",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/377107"
},
{
"name": "https://owncloud.com/security-advisories/oc-sa-2023-001/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/oc-sa-2023-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "ownCloud",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app\u2019s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T16:28:43.705Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/"
},
{
"name": "https://hackerone.com/reports/377107",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/377107"
},
{
"name": "https://owncloud.com/security-advisories/oc-sa-2023-001/",
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/oc-sa-2023-001/"
}
],
"source": {
"advisory": "GHSA-jfjw-q7fr-7wm4",
"discovery": "UNKNOWN"
},
"title": "ownCloud Android app vulnerable to Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-24804",
"datePublished": "2023-02-13T16:28:43.705Z",
"dateReserved": "2023-01-30T14:43:33.702Z",
"dateUpdated": "2024-08-02T11:03:19.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2044
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-022/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-022/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-022/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-022/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-022/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2044",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4753
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/changelog/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:55.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4753",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-09-05T00:00:00Z",
"dateUpdated": "2024-09-16T23:30:31.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9462
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nextcloud/server/commit/1208953ba1d4d55a18a639846bbcdd66a2d5bc5e | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/c93eca49c32428ece03dd67042772d5fa62c8d6e | x_refsource_MISC | |
| https://owncloud.org/security/advisory/?id=oc-sa-2016-015 | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/3b056fa68ce502ceb0db9b446dab3b9e7b10dd13 | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/d31720b6f1e8c8dfeb5e8805ab35ad7c8000b2f1 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/97285 | vdb-entry, x_refsource_BID | |
| https://hackerone.com/reports/146067 | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/23383080731d092e079986464a8c4c9ffcb79f4c | x_refsource_MISC | |
| https://nextcloud.com/security/advisory/?id=nc-sa-2016-005 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 |
Version: Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/1208953ba1d4d55a18a639846bbcdd66a2d5bc5e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/c93eca49c32428ece03dd67042772d5fa62c8d6e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-015"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/3b056fa68ce502ceb0db9b446dab3b9e7b10dd13"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/d31720b6f1e8c8dfeb5e8805ab35ad7c8000b2f1"
},
{
"name": "97285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97285"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/146067"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/23383080731d092e079986464a8c4c9ffcb79f4c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-275",
"description": "Permission Issues (CWE-275)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-03T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/1208953ba1d4d55a18a639846bbcdd66a2d5bc5e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/c93eca49c32428ece03dd67042772d5fa62c8d6e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-015"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/3b056fa68ce502ceb0db9b446dab3b9e7b10dd13"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/d31720b6f1e8c8dfeb5e8805ab35ad7c8000b2f1"
},
{
"name": "97285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97285"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/146067"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/23383080731d092e079986464a8c4c9ffcb79f4c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4",
"version": {
"version_data": [
{
"version_value": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permission Issues (CWE-275)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/server/commit/1208953ba1d4d55a18a639846bbcdd66a2d5bc5e",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/1208953ba1d4d55a18a639846bbcdd66a2d5bc5e"
},
{
"name": "https://github.com/owncloud/core/commit/c93eca49c32428ece03dd67042772d5fa62c8d6e",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/c93eca49c32428ece03dd67042772d5fa62c8d6e"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-015",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-015"
},
{
"name": "https://github.com/owncloud/core/commit/3b056fa68ce502ceb0db9b446dab3b9e7b10dd13",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/3b056fa68ce502ceb0db9b446dab3b9e7b10dd13"
},
{
"name": "https://github.com/owncloud/core/commit/d31720b6f1e8c8dfeb5e8805ab35ad7c8000b2f1",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/d31720b6f1e8c8dfeb5e8805ab35ad7c8000b2f1"
},
{
"name": "97285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97285"
},
{
"name": "https://hackerone.com/reports/146067",
"refsource": "MISC",
"url": "https://hackerone.com/reports/146067"
},
{
"name": "https://github.com/owncloud/core/commit/23383080731d092e079986464a8c4c9ffcb79f4c",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/23383080731d092e079986464a8c4c9ffcb79f4c"
},
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-005",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9462",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7699
Vulnerability from cvelistv5
Published
2015-10-26 15:00
Modified
2024-08-06 07:58
Severity ?
EPSS score ?
Summary
The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2015-018 | x_refsource_CONFIRM | |
| https://github.com/owncloud/core/pull/18558 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3373 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/pull/18558"
},
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to \"objectstore.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-26T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/pull/18558"
},
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to \"objectstore.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-018",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-018"
},
{
"name": "https://github.com/owncloud/core/pull/18558",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/pull/18558"
},
{
"name": "DSA-3373",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7699",
"datePublished": "2015-10-26T15:00:00",
"dateReserved": "2015-10-04T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-36251
Vulnerability from cvelistv5
Published
2021-02-19 07:00
Modified
2024-08-04 17:23
Severity ?
EPSS score ?
Summary
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.com/security-advisories/deleting-received-group-share-for-whole-group/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/deleting-received-group-share-for-whole-group/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else\u0027s access to that share."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T07:00:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/deleting-received-group-share-for-whole-group/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else\u0027s access to that share."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.com/security-advisories/deleting-received-group-share-for-whole-group/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/deleting-received-group-share-for-whole-group/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36251",
"datePublished": "2021-02-19T07:00:03",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-04T17:23:09.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6500
Vulnerability from cvelistv5
Published
2015-10-26 14:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-048.txt | x_refsource_MISC | |
| http://www.debian.org/security/2015/dsa-3373 | vendor-advisory, x_refsource_DEBIAN | |
| https://owncloud.org/security/advisory/?id=oc-sa-2015-014 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-048.txt"
},
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-048.txt"
},
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-014"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-048.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-048.txt"
},
{
"name": "DSA-3373",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-014",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6500",
"datePublished": "2015-10-26T14:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:22.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2397
Vulnerability from cvelistv5
Published
2012-04-20 10:00
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/08/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/09/02/2 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/48850 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75030 | vdb-entry, x_refsource_XF | |
| http://owncloud.org/security/advisories/CVE-2012-2397/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "48850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48850"
},
{
"name": "owncloud-unspecified-csrf(75030)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75030"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/security/advisories/CVE-2012-2397/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-12T17:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "48850",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48850"
},
{
"name": "owncloud-unspecified-csrf(75030)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75030"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/security/advisories/CVE-2012-2397/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "48850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48850"
},
{
"name": "owncloud-unspecified-csrf(75030)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75030"
},
{
"name": "http://owncloud.org/security/advisories/CVE-2012-2397/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/security/advisories/CVE-2012-2397/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2397",
"datePublished": "2012-04-20T10:00:00",
"dateReserved": "2012-04-20T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2043
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-024/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-024/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-024/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2043",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0202
Vulnerability from cvelistv5
Published
2019-11-22 18:53
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81476 | x_refsource_MISC | |
| https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/ | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81476"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ownCloud",
"vendor": "ownCloud",
"versions": [
{
"status": "affected",
"version": "4.5.5"
},
{
"status": "affected",
"version": "4.0.10"
},
{
"status": "affected",
"version": "and earlier"
}
]
}
],
"datePublic": "2013-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-22T18:53:38",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81476"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ownCloud",
"version": {
"version_data": [
{
"version_value": "4.5.5"
},
{
"version_value": "4.0.10"
},
{
"version_value": "and earlier"
}
]
}
}
]
},
"vendor_name": "ownCloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81476",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81476"
},
{
"name": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0202",
"datePublished": "2019-11-22T18:53:38",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0203
Vulnerability from cvelistv5
Published
2019-11-22 18:53
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81478 | x_refsource_MISC | |
| https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ownCloud | ownCloud Server |
Version: 4.5.5 Version: 4.0.10 Version: and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81478"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ownCloud Server",
"vendor": "ownCloud",
"versions": [
{
"status": "affected",
"version": "4.5.5"
},
{
"status": "affected",
"version": "4.0.10"
},
{
"status": "affected",
"version": "and earlier"
}
]
}
],
"datePublic": "2013-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-22T18:53:44",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81478"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ownCloud Server",
"version": {
"version_data": [
{
"version_value": "4.5.5"
},
{
"version_value": "4.0.10"
},
{
"version_value": "and earlier"
}
]
}
}
]
},
"vendor_name": "ownCloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81478",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81478"
},
{
"name": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0203",
"datePublished": "2019-11-22T18:53:44",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4392
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-09-16 18:18
Severity ?
EPSS score ?
Summary
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/08/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/09/02/2 | mailing-list, x_refsource_MLIST | |
| https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4392",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-16T18:18:24.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7419
Vulnerability from cvelistv5
Published
2016-09-17 21:00
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/92373 | vdb-entry, x_refsource_BID | |
| https://owncloud.org/security/advisory/?id=oc-sa-2016-011 | x_refsource_CONFIRM | |
| https://hackerone.com/reports/145355 | x_refsource_MISC | |
| https://github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc | x_refsource_CONFIRM | |
| https://nextcloud.com/security/advisory/?id=nc-sa-2016-001 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-011"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/145355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "92373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-011"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/145355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92373"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-011",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-011"
},
{
"name": "https://hackerone.com/reports/145355",
"refsource": "MISC",
"url": "https://hackerone.com/reports/145355"
},
{
"name": "https://github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc"
},
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-001",
"refsource": "CONFIRM",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7419",
"datePublished": "2016-09-17T21:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0201
Vulnerability from cvelistv5
Published
2014-03-18 14:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/89511 | vdb-entry, x_refsource_OSVDB | |
| https://github.com/owncloud/core/commit/b8e0309 | x_refsource_CONFIRM | |
| https://github.com/owncloud/core/commit/4e2b834 | x_refsource_CONFIRM | |
| http://osvdb.org/89505 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81475 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/89506 | vdb-entry, x_refsource_OSVDB | |
| http://owncloud.org/about/security/advisories/oC-SA-2013-001 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "89511",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89511"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/b8e0309"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/4e2b834"
},
{
"name": "89505",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89505"
},
{
"name": "owncloud-mime-token-xss(81475)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81475"
},
{
"name": "89506",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89506"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "89511",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89511"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/b8e0309"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/4e2b834"
},
{
"name": "89505",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89505"
},
{
"name": "owncloud-mime-token-xss(81475)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81475"
},
{
"name": "89506",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89506"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "89511",
"refsource": "OSVDB",
"url": "http://osvdb.org/89511"
},
{
"name": "https://github.com/owncloud/core/commit/b8e0309",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/b8e0309"
},
{
"name": "https://github.com/owncloud/core/commit/4e2b834",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/4e2b834"
},
{
"name": "89505",
"refsource": "OSVDB",
"url": "http://osvdb.org/89505"
},
{
"name": "owncloud-mime-token-xss(81475)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81475"
},
{
"name": "89506",
"refsource": "OSVDB",
"url": "http://osvdb.org/89506"
},
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-001",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0201",
"datePublished": "2014-03-18T14:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1890
Vulnerability from cvelistv5
Published
2014-03-07 20:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83245 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/58852 | vdb-entry, x_refsource_BID | |
| http://owncloud.org/about/security/advisories/oC-SA-2013-011 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "owncloud-cve20131890-multiple-xss(83245)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83245"
},
{
"name": "58852",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58852"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "owncloud-cve20131890-multiple-xss(83245)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83245"
},
{
"name": "58852",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58852"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "owncloud-cve20131890-multiple-xss(83245)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83245"
},
{
"name": "58852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58852"
},
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-011",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1890",
"datePublished": "2014-03-07T20:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3838
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oc-sa-2014-016/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-016/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-016/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oc-sa-2014-016/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-016/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3838",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2014-05-22T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3834
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oc-sa-2014-011/ | x_refsource_CONFIRM | |
| http://owncloud.org/about/security/advisories/oc-sa-2014-013/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-011/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-013/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-011/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-013/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oc-sa-2014-011/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-011/"
},
{
"name": "http://owncloud.org/about/security/advisories/oc-sa-2014-013/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-013/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3834",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2014-05-22T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35946
Vulnerability from cvelistv5
Published
2021-09-07 19:04
Modified
2024-08-04 00:47
Severity ?
EPSS score ?
Summary
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://doc.owncloud.com/server/admin_manual/release_notes.html | x_refsource_MISC | |
| https://owncloud.com/security-advisories/cve-2021-35946/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:42.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35946/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-07T19:04:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35946/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-35946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.owncloud.com/server/admin_manual/release_notes.html",
"refsource": "MISC",
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"name": "https://owncloud.com/security-advisories/cve-2021-35946/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/cve-2021-35946/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-35946",
"datePublished": "2021-09-07T19:04:19",
"dateReserved": "2021-06-29T00:00:00",
"dateUpdated": "2024-08-04T00:47:42.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0297
Vulnerability from cvelistv5
Published
2014-03-14 15:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T14:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0297",
"datePublished": "2014-03-14T15:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9340
Vulnerability from cvelistv5
Published
2017-07-17 21:00
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/166581 | x_refsource_MISC | |
| https://owncloud.org/security/advisory/?id=oc-sa-2017-006 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/166581"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/166581"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/166581",
"refsource": "MISC",
"url": "https://hackerone.com/reports/166581"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2017-006",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9340",
"datePublished": "2017-07-17T21:00:00",
"dateReserved": "2017-05-31T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4390
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-09-17 03:59
Severity ?
EPSS score ?
Summary
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/09/02/2 | mailing-list, x_refsource_MLIST | |
| https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707 | x_refsource_CONFIRM | |
| http://owncloud.org/changelog/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4390",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-17T03:59:01.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2057
Vulnerability from cvelistv5
Published
2014-03-23 15:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2014-007/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-23T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-007/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2014-007/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-007/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2057",
"datePublished": "2014-03-23T15:00:00",
"dateReserved": "2014-02-19T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2089
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-026/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:40.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-026/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-026/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-026/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-026/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2089",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:40.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2050
Vulnerability from cvelistv5
Published
2020-01-23 19:07
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisories/host-header-poisoning/ | x_refsource_CONFIRM | |
| https://www.securityfocus.com/bid/66221 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91971 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisories/host-header-poisoning/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/66221"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-23T19:07:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisories/host-header-poisoning/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/66221"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisories/host-header-poisoning/",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisories/host-header-poisoning/"
},
{
"name": "https://www.securityfocus.com/bid/66221",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/66221"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2050",
"datePublished": "2020-01-23T19:07:01",
"dateReserved": "2014-02-19T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-5341
Vulnerability from cvelistv5
Published
2015-02-04 18:00
Modified
2024-08-06 11:41
Severity ?
EPSS score ?
Summary
The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2014-019 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-04T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-019",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5341",
"datePublished": "2015-02-04T18:00:00",
"dateReserved": "2014-08-18T00:00:00",
"dateUpdated": "2024-08-06T11:41:48.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1822
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin privileges to inject arbitrary web script or HTML via the (2) group field to settings.php or (3) "share with" field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-008/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin privileges to inject arbitrary web script or HTML via the (2) group field to settings.php or (3) \"share with\" field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-008/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin privileges to inject arbitrary web script or HTML via the (2) group field to settings.php or (3) \"share with\" field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-008/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-008/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1822",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2040
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-021/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-021/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2040",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9467
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 |
Version: Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-010"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/154827"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-010"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/154827"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2",
"version": {
"version_data": [
{
"version_value": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013"
},
{
"name": "https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a"
},
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-010",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-010"
},
{
"name": "https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071"
},
{
"name": "https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d"
},
{
"name": "https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4"
},
{
"name": "https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14"
},
{
"name": "https://hackerone.com/reports/154827",
"refsource": "MISC",
"url": "https://hackerone.com/reports/154827"
},
{
"name": "https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960"
},
{
"name": "https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-020",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9467",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9043
Vulnerability from cvelistv5
Published
2015-02-04 18:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2014-020 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-04T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-020",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9043",
"datePublished": "2015-02-04T18:00:00",
"dateReserved": "2014-11-21T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2053
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2014/dsa-3001 | vendor-advisory, x_refsource_DEBIAN | |
| https://wordpress.org/news/2014/08/wordpress-3-9-2/ | x_refsource_CONFIRM | |
| http://getid3.sourceforge.net/source/changelog.txt | x_refsource_CONFIRM | |
| http://secunia.com/advisories/58002 | third-party-advisory, x_refsource_SECUNIA | |
| http://owncloud.org/about/security/advisories/oC-SA-2014-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/news/2014/08/wordpress-3-9-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://getid3.sourceforge.net/source/changelog.txt"
},
{
"name": "58002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/news/2014/08/wordpress-3-9-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://getid3.sourceforge.net/source/changelog.txt"
},
{
"name": "58002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3001",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3001"
},
{
"name": "https://wordpress.org/news/2014/08/wordpress-3-9-2/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2014/08/wordpress-3-9-2/"
},
{
"name": "http://getid3.sourceforge.net/source/changelog.txt",
"refsource": "CONFIRM",
"url": "http://getid3.sourceforge.net/source/changelog.txt"
},
{
"name": "58002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58002"
},
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2053",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2014-02-19T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6670
Vulnerability from cvelistv5
Published
2015-10-26 14:00
Modified
2024-08-06 07:29
Severity ?
EPSS score ?
Summary
ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2015/dsa-3373 | vendor-advisory, x_refsource_DEBIAN | |
| https://owncloud.org/security/advisory/?id=oc-sa-2015-015 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:29:24.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3373",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-015",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6670",
"datePublished": "2015-10-26T14:00:00",
"dateReserved": "2015-08-25T00:00:00",
"dateUpdated": "2024-08-06T07:29:24.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4752
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-09-16 23:46
Severity ?
EPSS score ?
Summary
appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/08/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/09/02/2 | mailing-list, x_refsource_MLIST | |
| http://owncloud.org/changelog/ | x_refsource_CONFIRM | |
| https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
},
{
"name": "https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4752",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-09-05T00:00:00Z",
"dateUpdated": "2024-09-16T23:46:49.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5865
Vulnerability from cvelistv5
Published
2017-03-03 15:00
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2017-001 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96425 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:49.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-001"
},
{
"name": "96425",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96425"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-001"
},
{
"name": "96425",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96425"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2017-001",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-001"
},
{
"name": "96425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96425"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5865",
"datePublished": "2017-03-03T15:00:00",
"dateReserved": "2017-02-02T00:00:00",
"dateUpdated": "2024-08-05T15:11:49.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2047
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-023/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-023/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-023/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-023/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-023/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2047",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1499
Vulnerability from cvelistv5
Published
2016-01-08 21:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/537244/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt | x_refsource_MISC | |
| http://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/537556/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://owncloud.org/security/advisory/?id=oc-sa-2016-002 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160107 [SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537244/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html"
},
{
"name": "20160219 [SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537556/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160107 [SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537244/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html"
},
{
"name": "20160219 [SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537556/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160107 [SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537244/100/0/threaded"
},
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt"
},
{
"name": "http://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html"
},
{
"name": "20160219 [SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537556/100/0/threaded"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-002",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1499",
"datePublished": "2016-01-08T21:00:00",
"dateReserved": "2016-01-06T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7344
Vulnerability from cvelistv5
Published
2014-03-23 15:00
Modified
2024-08-06 18:01
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-23T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7344",
"datePublished": "2014-03-23T15:00:00",
"dateReserved": "2014-03-23T00:00:00",
"dateUpdated": "2024-08-06T18:01:20.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2056
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2014-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2056",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2014-02-19T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2086
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-027/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-027/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-027/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-027/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-027/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2086",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:41.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3963
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-09-16 23:55
Severity ?
EPSS score ?
Summary
ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2014-009/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-009/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2014-009/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-009/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3963",
"datePublished": "2014-06-04T14:00:00Z",
"dateReserved": "2014-06-04T00:00:00Z",
"dateUpdated": "2024-09-16T23:55:52.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4395
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-09-16 17:54
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/08/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/09/02/2 | mailing-list, x_refsource_MLIST | |
| https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4395",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-16T17:54:01.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9339
Vulnerability from cvelistv5
Published
2017-07-17 21:00
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2017-005 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2017-005",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9339",
"datePublished": "2017-07-17T21:00:00",
"dateReserved": "2017-05-31T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9045
Vulnerability from cvelistv5
Published
2015-02-04 18:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2014-022 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-04T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-022",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9045",
"datePublished": "2015-02-04T18:00:00",
"dateReserved": "2014-11-21T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5057
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/CVE-2012-5057/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5057/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5057/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/CVE-2012-5057/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5057/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5057",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2012-09-21T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9459
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory?id=oc-sa-2016-012 | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/b7fa2c5dc945b40bc6ed0a9a0e47c282ebf043e1 | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/044ee072a647636b1a17c89265c7233b35371335 | x_refsource_MISC | |
| https://hackerone.com/reports/146278 | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/efa35d621dc7ff975468e636a5d1c153511296dc | x_refsource_MISC | |
| https://nextcloud.com/security/advisory/?id=nc-sa-2016-002 | x_refsource_MISC | |
| https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/97284 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 |
Version: Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory?id=oc-sa-2016-012"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/b7fa2c5dc945b40bc6ed0a9a0e47c282ebf043e1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/044ee072a647636b1a17c89265c7233b35371335"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/146278"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/efa35d621dc7ff975468e636a5d1c153511296dc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-002"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070"
},
{
"name": "97284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "Cross-Site Scripting Using MIME Type Mismatch (CWE-209)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-03T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/advisory?id=oc-sa-2016-012"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/b7fa2c5dc945b40bc6ed0a9a0e47c282ebf043e1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/044ee072a647636b1a17c89265c7233b35371335"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/146278"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/efa35d621dc7ff975468e636a5d1c153511296dc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-002"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070"
},
{
"name": "97284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4",
"version": {
"version_data": [
{
"version_value": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting Using MIME Type Mismatch (CWE-209)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory?id=oc-sa-2016-012",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisory?id=oc-sa-2016-012"
},
{
"name": "https://github.com/owncloud/core/commit/b7fa2c5dc945b40bc6ed0a9a0e47c282ebf043e1",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/b7fa2c5dc945b40bc6ed0a9a0e47c282ebf043e1"
},
{
"name": "https://github.com/owncloud/core/commit/044ee072a647636b1a17c89265c7233b35371335",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/044ee072a647636b1a17c89265c7233b35371335"
},
{
"name": "https://hackerone.com/reports/146278",
"refsource": "MISC",
"url": "https://hackerone.com/reports/146278"
},
{
"name": "https://github.com/owncloud/core/commit/efa35d621dc7ff975468e636a5d1c153511296dc",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/efa35d621dc7ff975468e636a5d1c153511296dc"
},
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-002",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-002"
},
{
"name": "https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070"
},
{
"name": "97284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9459",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0304
Vulnerability from cvelistv5
Published
2014-06-05 15:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-007/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securite.intrinsec.com/wp-content/uploads/2013/02/ISEC-V2013-01-v-1.0-Owncloud-4.5.4-Arbitrary-calendar-export.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-05T14:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-007/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securite.intrinsec.com/wp-content/uploads/2013/02/ISEC-V2013-01-v-1.0-Owncloud-4.5.4-Arbitrary-calendar-export.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-007/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-007/"
},
{
"name": "http://securite.intrinsec.com/wp-content/uploads/2013/02/ISEC-V2013-01-v-1.0-Owncloud-4.5.4-Arbitrary-calendar-export.pdf",
"refsource": "MISC",
"url": "http://securite.intrinsec.com/wp-content/uploads/2013/02/ISEC-V2013-01-v-1.0-Owncloud-4.5.4-Arbitrary-calendar-export.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0304",
"datePublished": "2014-06-05T15:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4929
Vulnerability from cvelistv5
Published
2014-08-20 14:00
Modified
2024-08-06 11:34
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://advisories.mageia.org/MGASA-2014-0301.html | x_refsource_CONFIRM | |
| http://owncloud.org/security/advisory/?id=oc-sa-2014-018 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2014:140 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.securityfocus.com/bid/68975 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:36.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0301.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/security/advisory/?id=oc-sa-2014-018"
},
{
"name": "MDVSA-2014:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:140"
},
{
"name": "68975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-20T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0301.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/security/advisory/?id=oc-sa-2014-018"
},
{
"name": "MDVSA-2014:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:140"
},
{
"name": "68975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68975"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://advisories.mageia.org/MGASA-2014-0301.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0301.html"
},
{
"name": "http://owncloud.org/security/advisory/?id=oc-sa-2014-018",
"refsource": "CONFIRM",
"url": "http://owncloud.org/security/advisory/?id=oc-sa-2014-018"
},
{
"name": "MDVSA-2014:140",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:140"
},
{
"name": "68975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4929",
"datePublished": "2014-08-20T14:00:00",
"dateReserved": "2014-07-11T00:00:00",
"dateUpdated": "2024-08-06T11:34:36.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4715
Vulnerability from cvelistv5
Published
2020-02-17 18:09
Modified
2024-08-06 06:25
Severity ?
EPSS score ?
Summary
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a | x_refsource_MISC | |
| https://owncloud.org/security/advisory/?id=oc-sa-2015-005 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/76158 | x_refsource_MISC | |
| https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:25:21.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T18:09:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/76158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-005",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-005"
},
{
"name": "http://www.securityfocus.com/bid/76158",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/76158"
},
{
"name": "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox-com-access-file/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4715",
"datePublished": "2020-02-17T18:09:59",
"dateReserved": "2015-06-22T00:00:00",
"dateUpdated": "2024-08-06T06:25:21.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31649
Vulnerability from cvelistv5
Published
2022-06-09 00:51
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/ | x_refsource_MISC | |
| https://owncloud.com/security-advisories/cve-2022-31649/ | x_refsource_MISC | |
| https://cwe.mitre.org/data/definitions/212.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/cve-2022-31649/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/212.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T00:12:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/cve-2022-31649/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/212.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/",
"refsource": "MISC",
"url": "https://owncloud.org/security/"
},
{
"name": "https://owncloud.com/security-advisories/cve-2022-31649/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/cve-2022-31649/"
},
{
"name": "https://cwe.mitre.org/data/definitions/212.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/212.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31649",
"datePublished": "2022-06-09T00:51:14",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2055
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2014-006/ | x_refsource_CONFIRM | |
| https://github.com/fruux/sabre-dav/releases/tag/1.7.11 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fruux/sabre-dav/releases/tag/1.7.11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fruux/sabre-dav/releases/tag/1.7.11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"name": "https://github.com/fruux/sabre-dav/releases/tag/1.7.11",
"refsource": "CONFIRM",
"url": "https://github.com/fruux/sabre-dav/releases/tag/1.7.11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2055",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2014-02-19T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2054
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt | x_refsource_CONFIRM | |
| http://owncloud.org/about/security/advisories/oC-SA-2014-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt",
"refsource": "CONFIRM",
"url": "https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt"
},
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2054",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2014-02-19T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2045
Vulnerability from cvelistv5
Published
2014-03-07 20:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/93384 | vdb-entry, x_refsource_OSVDB | |
| http://seclists.org/oss-sec/2013/q2/324 | mailing-list, x_refsource_MLIST | |
| http://owncloud.org/about/security/advisories/oC-SA-2013-019 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93384",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/93384"
},
{
"name": "[oss-security] 20130514 ownCloud Security Advisories oC-SA-0{19-27}",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q2/324"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-07T19:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "93384",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/93384"
},
{
"name": "[oss-security] 20130514 ownCloud Security Advisories oC-SA-0{19-27}",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q2/324"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93384",
"refsource": "OSVDB",
"url": "http://osvdb.org/93384"
},
{
"name": "[oss-security] 20130514 ownCloud Security Advisories oC-SA-0{19-27}",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q2/324"
},
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-019",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2045",
"datePublished": "2014-03-07T20:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5665
Vulnerability from cvelistv5
Published
2013-01-03 01:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/owncloud/core/commit/c4ecbad | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/57030 | vdb-entry, x_refsource_BID | |
| https://github.com/owncloud/core/commit/db7ca53 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/12/22/5 | mailing-list, x_refsource_MLIST | |
| http://owncloud.org/changelog/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/51614 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80808 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2012/12/22/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/c4ecbad"
},
{
"name": "57030",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57030"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/db7ca53"
},
{
"name": "[oss-security] 20121221 Re: CVE request: ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
},
{
"name": "51614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51614"
},
{
"name": "owncloud-settings-sec-bypass(80808)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80808"
},
{
"name": "[oss-security] 20121221 CVE request: ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/c4ecbad"
},
{
"name": "57030",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57030"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/db7ca53"
},
{
"name": "[oss-security] 20121221 Re: CVE request: ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
},
{
"name": "51614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51614"
},
{
"name": "owncloud-settings-sec-bypass(80808)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80808"
},
{
"name": "[oss-security] 20121221 CVE request: ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/owncloud/core/commit/c4ecbad",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/c4ecbad"
},
{
"name": "57030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57030"
},
{
"name": "https://github.com/owncloud/core/commit/db7ca53",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/db7ca53"
},
{
"name": "[oss-security] 20121221 Re: CVE request: ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/5"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
},
{
"name": "51614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51614"
},
{
"name": "owncloud-settings-sec-bypass(80808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80808"
},
{
"name": "[oss-security] 20121221 CVE request: ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5665",
"datePublished": "2013-01-03T01:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3832
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oc-sa-2014-010 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-010"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oc-sa-2014-010",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-010"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3832",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2014-05-22T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1851
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user\u0027s account via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user\u0027s account via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-010/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1851",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2048
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-025/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-025/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-025/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-025/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-025/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2048",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4389
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-09-16 23:46
Severity ?
EPSS score ?
Summary
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/09/02/2 | mailing-list, x_refsource_MLIST | |
| https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4389",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-16T23:46:06.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2052
Vulnerability from cvelistv5
Published
2020-02-11 15:23
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2014-006/ | x_refsource_MISC | |
| https://owncloud.org/security/advisories/xxe-multiple-third-party-components/ | x_refsource_CONFIRM | |
| https://www.securityfocus.com/bid/66222 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisories/xxe-multiple-third-party-components/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/66222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T15:23:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisories/xxe-multiple-third-party-components/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/66222"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/",
"refsource": "MISC",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-006/"
},
{
"name": "https://owncloud.org/security/advisories/xxe-multiple-third-party-components/",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisories/xxe-multiple-third-party-components/"
},
{
"name": "https://www.securityfocus.com/bid/66222",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/66222"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2052",
"datePublished": "2020-02-11T15:23:46",
"dateReserved": "2014-02-19T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0300
Vulnerability from cvelistv5
Published
2014-03-14 17:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webdavauth/settings.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-004/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webdavauth/settings.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T16:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webdavauth/settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0300",
"datePublished": "2014-03-14T17:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4716
Vulnerability from cvelistv5
Published
2015-10-21 18:00
Modified
2024-08-06 06:25
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/76159 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2015/dsa-3373 | vendor-advisory, x_refsource_DEBIAN | |
| https://owncloud.org/security/advisory/?id=oc-sa-2015-006 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:25:21.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "76159",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76159"
},
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "76159",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76159"
},
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76159"
},
{
"name": "DSA-3373",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-006",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4716",
"datePublished": "2015-10-21T18:00:00",
"dateReserved": "2015-06-22T00:00:00",
"dateUpdated": "2024-08-06T06:25:21.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-36248
Vulnerability from cvelistv5
Published
2021-02-19 07:00
Modified
2024-08-04 17:23
Severity ?
EPSS score ?
Summary
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/bypassing-app-lock-pattern-passcode-fingerprint-lock-android-oc-sa-2020-003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:H/AV:P/A:N/C:H/I:N/PR:L/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T07:00:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/bypassing-app-lock-pattern-passcode-fingerprint-lock-android-oc-sa-2020-003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:H/AV:P/A:N/C:H/I:N/PR:L/S:U/UI:R",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.com/security-advisories/bypassing-app-lock-pattern-passcode-fingerprint-lock-android-oc-sa-2020-003/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/bypassing-app-lock-pattern-passcode-fingerprint-lock-android-oc-sa-2020-003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36248",
"datePublished": "2021-02-19T07:00:50",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-04T17:23:09.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2149
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-028/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:40.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-028/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-028/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-028/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-028/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2149",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:40.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5609
Vulnerability from cvelistv5
Published
2012-12-18 01:00
Modified
2024-09-16 18:12
Severity ?
EPSS score ?
Summary
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/owncloud/core/commit/4619c66 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/51357 | third-party-advisory, x_refsource_SECUNIA | |
| https://github.com/owncloud/core/commit/e8a0cea | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/11/30/3 | mailing-list, x_refsource_MLIST | |
| http://owncloud.org/changelog/ | x_refsource_CONFIRM | |
| http://owncloud.org/security/advisories/oc-sa-2012-004/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/4619c66"
},
{
"name": "51357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51357"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/e8a0cea"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-18T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/4619c66"
},
{
"name": "51357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51357"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/e8a0cea"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/owncloud/core/commit/4619c66",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/4619c66"
},
{
"name": "51357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51357"
},
{
"name": "https://github.com/owncloud/core/commit/e8a0cea",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/e8a0cea"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
},
{
"name": "http://owncloud.org/security/advisories/oc-sa-2012-004/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/security/advisories/oc-sa-2012-004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5609",
"datePublished": "2012-12-18T01:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-09-16T18:12:59.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2044
Vulnerability from cvelistv5
Published
2014-10-06 23:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/57267 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/104082 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/66000 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2014/Mar/45 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/32162 | exploit, x_refsource_EXPLOIT-DB | |
| https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/ | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91757 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/531365/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57267"
},
{
"name": "104082",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/104082"
},
{
"name": "66000",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66000"
},
{
"name": "20140306 CVE-2014-2044 - Remote Code Execution in ownCloud",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/45"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html"
},
{
"name": "32162",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32162"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/"
},
{
"name": "owncloud-upload-file-upload(91757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91757"
},
{
"name": "20140306 CVE-2014-2044 - Remote Code Execution in ownCloud",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/531365/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "57267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57267"
},
{
"name": "104082",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/104082"
},
{
"name": "66000",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66000"
},
{
"name": "20140306 CVE-2014-2044 - Remote Code Execution in ownCloud",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/45"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html"
},
{
"name": "32162",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32162"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/"
},
{
"name": "owncloud-upload-file-upload(91757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91757"
},
{
"name": "20140306 CVE-2014-2044 - Remote Code Execution in ownCloud",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/531365/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57267"
},
{
"name": "104082",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/104082"
},
{
"name": "66000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66000"
},
{
"name": "20140306 CVE-2014-2044 - Remote Code Execution in ownCloud",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/45"
},
{
"name": "http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html"
},
{
"name": "32162",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32162"
},
{
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/",
"refsource": "MISC",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/"
},
{
"name": "owncloud-upload-file-upload(91757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91757"
},
{
"name": "20140306 CVE-2014-2044 - Remote Code Execution in ownCloud",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531365/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2044",
"datePublished": "2014-10-06T23:00:00",
"dateReserved": "2014-02-19T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8896
Vulnerability from cvelistv5
Published
2017-07-17 21:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/215410 | x_refsource_MISC | |
| https://owncloud.org/security/advisory/?id=oc-sa-2017-004 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99321 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/215410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-004"
},
{
"name": "99321",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/215410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-004"
},
{
"name": "99321",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/215410",
"refsource": "MISC",
"url": "https://hackerone.com/reports/215410"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2017-004",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-004"
},
{
"name": "99321",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8896",
"datePublished": "2017-07-17T21:00:00",
"dateReserved": "2017-05-11T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-36252
Vulnerability from cvelistv5
Published
2021-02-19 06:59
Modified
2024-08-04 17:23
Severity ?
EPSS score ?
Summary
ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.com/security-advisories/access-to-all-file-versions/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/access-to-all-file-versions/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:H/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T06:59:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/access-to-all-file-versions/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:H/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.com/security-advisories/access-to-all-file-versions/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/access-to-all-file-versions/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36252",
"datePublished": "2021-02-19T06:59:36",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-04T17:23:09.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9338
Vulnerability from cvelistv5
Published
2017-07-17 21:00
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2017-007 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99322 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-007"
},
{
"name": "99322",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-007"
},
{
"name": "99322",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99322"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2017-007",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-007"
},
{
"name": "99322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99322"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9338",
"datePublished": "2017-07-17T21:00:00",
"dateReserved": "2017-05-31T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0307
Vulnerability from cvelistv5
Published
2014-03-14 15:00
Modified
2024-08-06 14:25
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:08.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T14:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0307",
"datePublished": "2014-03-14T15:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:25:08.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4394
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/08/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/09/02/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4394",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-16T18:39:29.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5610
Vulnerability from cvelistv5
Published
2012-12-18 01:00
Modified
2024-09-17 00:35
Severity ?
EPSS score ?
Summary
Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/51357 | third-party-advisory, x_refsource_SECUNIA | |
| https://github.com/owncloud/core/commit/f599267 | x_refsource_CONFIRM | |
| http://owncloud.org/security/advisories/oc-sa-2012-005/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/11/30/3 | mailing-list, x_refsource_MLIST | |
| http://owncloud.org/changelog/ | x_refsource_CONFIRM | |
| https://github.com/owncloud/core/commit/6540c0fc63 | x_refsource_CONFIRM | |
| https://github.com/owncloud/core/commit/4b86c43 | x_refsource_CONFIRM | |
| https://github.com/owncloud/core/commit/3cd416b667 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51357"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/f599267"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-005/"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/6540c0fc63"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/4b86c43"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/3cd416b667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-18T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "51357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51357"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/f599267"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-005/"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/6540c0fc63"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/4b86c43"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/3cd416b667"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51357"
},
{
"name": "https://github.com/owncloud/core/commit/f599267",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/f599267"
},
{
"name": "http://owncloud.org/security/advisories/oc-sa-2012-005/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/security/advisories/oc-sa-2012-005/"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
},
{
"name": "https://github.com/owncloud/core/commit/6540c0fc63",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/6540c0fc63"
},
{
"name": "https://github.com/owncloud/core/commit/4b86c43",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/4b86c43"
},
{
"name": "https://github.com/owncloud/core/commit/3cd416b667",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/3cd416b667"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5610",
"datePublished": "2012-12-18T01:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-09-17T00:35:31.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-36250
Vulnerability from cvelistv5
Published
2021-02-19 07:00
Modified
2024-08-04 17:23
Severity ?
EPSS score ?
Summary
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.com/security-advisories/security-lock-can-be-bypassed-by-changing-the-system-date/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/security-lock-can-be-bypassed-by-changing-the-system-date/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:P/A:N/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T07:00:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/security-lock-can-be-bypassed-by-changing-the-system-date/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:P/A:N/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.com/security-advisories/security-lock-can-be-bypassed-by-changing-the-system-date/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/security-lock-can-be-bypassed-by-changing-the-system-date/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36250",
"datePublished": "2021-02-19T07:00:17",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-04T17:23:09.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1942
Vulnerability from cvelistv5
Published
2013-08-15 17:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/59030 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=oss-security&m=136773622321563&w=2 | mailing-list, x_refsource_MLIST | |
| http://marc.info/?l=oss-security&m=136570964825921&w=2 | mailing-list, x_refsource_MLIST | |
| http://www.jplayer.org/2.3.0/release-notes/ | x_refsource_CONFIRM | |
| http://owncloud.org/about/security/advisories/oC-SA-2013-014/ | x_refsource_CONFIRM | |
| https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2013/Apr/192 | mailing-list, x_refsource_FULLDISC | |
| http://marc.info/?l=oss-security&m=136726705917858&w=2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59030",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59030"
},
{
"name": "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=136773622321563\u0026w=2"
},
{
"name": "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=136570964825921\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.jplayer.org/2.3.0/release-notes/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-014/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d"
},
{
"name": "20130421 Vulnerabilities in jPlayer",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Apr/192"
},
{
"name": "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=136726705917858\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "59030",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/59030"
},
{
"name": "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=136773622321563\u0026w=2"
},
{
"name": "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=136570964825921\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.jplayer.org/2.3.0/release-notes/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-014/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d"
},
{
"name": "20130421 Vulnerabilities in jPlayer",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Apr/192"
},
{
"name": "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=136726705917858\u0026w=2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1942",
"datePublished": "2013-08-15T17:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5056
Vulnerability from cvelistv5
Published
2014-06-04 14:00
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/CVE-2012-5056/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5056/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-04T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5056/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/CVE-2012-5056/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5056/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5056",
"datePublished": "2014-06-04T14:00:00",
"dateReserved": "2012-09-21T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2150
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-028/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:40.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-028/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-028/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-028/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-028/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2150",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:40.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35948
Vulnerability from cvelistv5
Published
2021-09-07 19:08
Modified
2024-08-04 00:47
Severity ?
EPSS score ?
Summary
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.
References
| ▼ | URL | Tags |
|---|---|---|
| https://doc.owncloud.com/server/admin_manual/release_notes.html | x_refsource_MISC | |
| https://owncloud.com/security-advisories/cve-2021-35948/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:42.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35948/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-07T19:08:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35948/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-35948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.owncloud.com/server/admin_manual/release_notes.html",
"refsource": "MISC",
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"name": "https://owncloud.com/security-advisories/cve-2021-35948/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/cve-2021-35948/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-35948",
"datePublished": "2021-09-07T19:08:12",
"dateReserved": "2021-06-29T00:00:00",
"dateUpdated": "2024-08-04T00:47:42.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-29659
Vulnerability from cvelistv5
Published
2021-05-20 12:46
Modified
2024-08-03 22:11
Severity ?
EPSS score ?
Summary
ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance.
References
| ▼ | URL | Tags |
|---|---|---|
| https://doc.owncloud.com/server/admin_manual/release_notes.html | x_refsource_MISC | |
| https://owncloud.com/security-advisories/cve-2021-29659/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/cve-2021-29659/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T12:46:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/cve-2021-29659/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.owncloud.com/server/admin_manual/release_notes.html",
"refsource": "MISC",
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"name": "https://owncloud.com/security-advisories/cve-2021-29659/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/cve-2021-29659/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29659",
"datePublished": "2021-05-20T12:46:20",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-08-03T22:11:06.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3012
Vulnerability from cvelistv5
Published
2015-05-08 14:00
Modified
2024-08-06 05:32
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/74445 | vdb-entry, x_refsource_BID | |
| https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md | x_refsource_CONFIRM | |
| https://github.com/kogmbh/WebODF/pull/849 | x_refsource_CONFIRM | |
| https://github.com/kogmbh/WebODF/pull/850/files | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3244 | vendor-advisory, x_refsource_DEBIAN | |
| https://owncloud.org/security/advisory/?id=oc-sa-2015-002 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:21.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74445",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74445"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kogmbh/WebODF/pull/849"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kogmbh/WebODF/pull/850/files"
},
{
"name": "DSA-3244",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3244"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74445",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74445"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kogmbh/WebODF/pull/849"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kogmbh/WebODF/pull/850/files"
},
{
"name": "DSA-3244",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3244"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74445"
},
{
"name": "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md",
"refsource": "CONFIRM",
"url": "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md"
},
{
"name": "https://github.com/kogmbh/WebODF/pull/849",
"refsource": "CONFIRM",
"url": "https://github.com/kogmbh/WebODF/pull/849"
},
{
"name": "https://github.com/kogmbh/WebODF/pull/850/files",
"refsource": "CONFIRM",
"url": "https://github.com/kogmbh/WebODF/pull/850/files"
},
{
"name": "DSA-3244",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3244"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-002",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3012",
"datePublished": "2015-05-08T14:00:00",
"dateReserved": "2015-04-08T00:00:00",
"dateUpdated": "2024-08-06T05:32:21.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35947
Vulnerability from cvelistv5
Published
2021-09-07 18:49
Modified
2024-08-04 00:47
Severity ?
EPSS score ?
Summary
The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://doc.owncloud.com/server/admin_manual/release_notes.html | x_refsource_MISC | |
| https://owncloud.com/security-advisories/cve-2021-35947/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:42.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35947/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-07T18:49:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/cve-2021-35947/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-35947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doc.owncloud.com/server/admin_manual/release_notes.html",
"refsource": "MISC",
"url": "https://doc.owncloud.com/server/admin_manual/release_notes.html"
},
{
"name": "https://owncloud.com/security-advisories/cve-2021-35947/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/cve-2021-35947/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-35947",
"datePublished": "2021-09-07T18:49:54",
"dateReserved": "2021-06-29T00:00:00",
"dateUpdated": "2024-08-04T00:47:42.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-28645
Vulnerability from cvelistv5
Published
2021-02-09 18:41
Modified
2024-08-04 16:40
Severity ?
EPSS score ?
Summary
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.com/security-advisories/missing-user-validation-leading-to-information-disclosure/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/missing-user-validation-leading-to-information-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions \u003c 10.6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-09T18:41:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/missing-user-validation-leading-to-information-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions \u003c 10.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.com/security-advisories/missing-user-validation-leading-to-information-disclosure/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/missing-user-validation-leading-to-information-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28645",
"datePublished": "2021-02-09T18:41:01",
"dateReserved": "2020-11-16T00:00:00",
"dateUpdated": "2024-08-04T16:40:59.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5954
Vulnerability from cvelistv5
Published
2015-10-21 18:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2015/dsa-3373 | vendor-advisory, x_refsource_DEBIAN | |
| https://owncloud.org/security/advisory/?id=oc-sa-2015-011 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:06:35.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-21T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3373",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-011",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5954",
"datePublished": "2015-10-21T18:00:00",
"dateReserved": "2015-08-06T00:00:00",
"dateUpdated": "2024-08-06T07:06:35.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4717
Vulnerability from cvelistv5
Published
2015-10-21 18:00
Modified
2024-08-06 06:25
Severity ?
EPSS score ?
Summary
The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2015/dsa-3373 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/76161 | vdb-entry, x_refsource_BID | |
| https://owncloud.org/security/advisory/?id=oc-sa-2015-007 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:25:21.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"name": "76161",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76161"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-21T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"name": "76161",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76161"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3373",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"name": "76161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76161"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-007",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4717",
"datePublished": "2015-10-21T18:00:00",
"dateReserved": "2015-06-22T00:00:00",
"dateUpdated": "2024-08-06T06:25:21.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9468
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2016-021 | x_refsource_MISC | |
| https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e | x_refsource_MISC | |
| https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e | x_refsource_MISC | |
| https://hackerone.com/reports/149798 | x_refsource_MISC | |
| https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35 | x_refsource_MISC | |
| https://nextcloud.com/security/advisory/?id=nc-sa-2016-011 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 |
Version: Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-021"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/149798"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-021"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/149798"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2",
"version": {
"version_data": [
{
"version_value": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-021",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-021"
},
{
"name": "https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e"
},
{
"name": "https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f"
},
{
"name": "https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e"
},
{
"name": "https://hackerone.com/reports/149798",
"refsource": "MISC",
"url": "https://hackerone.com/reports/149798"
},
{
"name": "https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35"
},
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-011",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9468",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5607
Vulnerability from cvelistv5
Published
2012-12-18 01:00
Modified
2024-09-16 18:03
Severity ?
EPSS score ?
Summary
The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/security/advisories/oc-sa-2012-002/ | x_refsource_CONFIRM | |
| https://github.com/owncloud/core/commit/99cd922 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/11/30/3 | mailing-list, x_refsource_MLIST | |
| http://owncloud.org/changelog/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/owncloud/core/commit/99cd922"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/changelog/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The \"Lost Password\" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a \"Remote Timing Attack.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-18T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owncloud/core/commit/99cd922"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/changelog/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"Lost Password\" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a \"Remote Timing Attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/security/advisories/oc-sa-2012-002/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"
},
{
"name": "https://github.com/owncloud/core/commit/99cd922",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/99cd922"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5607",
"datePublished": "2012-12-18T01:00:00Z",
"dateReserved": "2012-10-24T00:00:00Z",
"dateUpdated": "2024-09-16T18:03:39.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25339
Vulnerability from cvelistv5
Published
2022-04-07 14:21
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.com/security-advisories/cve-2022-25339/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/cve-2022-25339/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-07T14:21:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.com/security-advisories/cve-2022-25339/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.com/security-advisories/cve-2022-25339/",
"refsource": "MISC",
"url": "https://owncloud.com/security-advisories/cve-2022-25339/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25339",
"datePublished": "2022-04-07T14:21:22",
"dateReserved": "2022-02-18T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9046
Vulnerability from cvelistv5
Published
2015-02-04 18:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2014-023 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-04T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-023",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9046",
"datePublished": "2015-02-04T18:00:00",
"dateReserved": "2014-11-21T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3013
Vulnerability from cvelistv5
Published
2015-05-08 14:00
Modified
2024-08-06 05:32
Severity ?
EPSS score ?
Summary
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2015-003 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/74451 | vdb-entry, x_refsource_BID | |
| https://owncloud.org/security/advisory/?id=oc-sa-2015-004 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3244 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:21.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-003"
},
{
"name": "74451",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74451"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-004"
},
{
"name": "DSA-3244",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-003"
},
{
"name": "74451",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74451"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-004"
},
{
"name": "DSA-3244",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3244"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-003",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-003"
},
{
"name": "74451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74451"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-004",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-004"
},
{
"name": "DSA-3244",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3244"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3013",
"datePublished": "2015-05-08T14:00:00",
"dateReserved": "2015-04-08T00:00:00",
"dateUpdated": "2024-08-06T05:32:21.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4718
Vulnerability from cvelistv5
Published
2015-10-21 18:00
Modified
2024-08-06 06:25
Severity ?
EPSS score ?
Summary
The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2015/dsa-3373 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/76162 | vdb-entry, x_refsource_BID | |
| https://owncloud.org/security/advisory/?id=oc-sa-2015-008 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:25:21.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"name": "76162",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76162"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-21T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"name": "76162",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76162"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-008"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3373",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"name": "76162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76162"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-008",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-008"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4718",
"datePublished": "2015-10-21T18:00:00",
"dateReserved": "2015-06-22T00:00:00",
"dateUpdated": "2024-08-06T06:25:21.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9044
Vulnerability from cvelistv5
Published
2015-02-04 18:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/security/advisory/?id=oc-sa-2014-021 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-04T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-021"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-021",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-021"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9044",
"datePublished": "2015-02-04T18:00:00",
"dateReserved": "2014-11-21T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2585
Vulnerability from cvelistv5
Published
2014-03-23 16:00
Modified
2024-09-16 22:21
Severity ?
EPSS score ?
Summary
ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2014-008/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:35.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user\u0027s ownCloud via the mount configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-23T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-008/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user\u0027s ownCloud via the mount configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2014-008/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-008/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2585",
"datePublished": "2014-03-23T16:00:00Z",
"dateReserved": "2014-03-23T00:00:00Z",
"dateUpdated": "2024-09-16T22:21:16.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2085
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-020/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2085",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:41.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2039
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-020/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-020/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2039",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9463
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 |
Version: Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/148151"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you\u0027re not affected by this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "Incorrect Implementation of Authentication Algorithms (CWE-303)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/148151"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9",
"version": {
"version_data": [
{
"version_value": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you\u0027re not affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Implementation of Authentication Algorithms (CWE-303)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274",
"refsource": "MISC",
"url": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274"
},
{
"name": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791",
"refsource": "MISC",
"url": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791"
},
{
"name": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/",
"refsource": "MISC",
"url": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/"
},
{
"name": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732",
"refsource": "MISC",
"url": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732"
},
{
"name": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3",
"refsource": "MISC",
"url": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3"
},
{
"name": "https://hackerone.com/reports/148151",
"refsource": "MISC",
"url": "https://hackerone.com/reports/148151"
},
{
"name": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087",
"refsource": "MISC",
"url": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017"
},
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9463",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2049
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2014-003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2014-003/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2049",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2014-02-19T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5867
Vulnerability from cvelistv5
Published
2017-03-03 15:00
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96430 | vdb-entry, x_refsource_BID | |
| https://owncloud.org/security/advisory/?id=oc-sa-2017-003 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96430",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96430"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96430",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96430"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96430"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2017-003",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5867",
"datePublished": "2017-03-03T15:00:00",
"dateReserved": "2017-02-02T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0299
Vulnerability from cvelistv5
Published
2014-03-14 17:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to apps/admin_migrate/settings.php, (4) overwrite user files via the operation parameter to apps/user_migrate/ajax/export.php, or (5) change the authentication server URL via unspecified vectors to apps/user_ldap/settings.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-004/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to apps/admin_migrate/settings.php, (4) overwrite user files via the operation parameter to apps/user_migrate/ajax/export.php, or (5) change the authentication server URL via unspecified vectors to apps/user_ldap/settings.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T16:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to apps/admin_migrate/settings.php, (4) overwrite user files via the operation parameter to apps/user_migrate/ajax/export.php, or (5) change the authentication server URL via unspecified vectors to apps/user_ldap/settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0299",
"datePublished": "2014-03-14T17:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2047
Vulnerability from cvelistv5
Published
2014-03-14 16:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2014-001/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2014-001/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2047",
"datePublished": "2014-03-14T16:00:00",
"dateReserved": "2014-02-19T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0303
Vulnerability from cvelistv5
Published
2014-03-23 15:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered by CVE-2013-7344.
References
| ▼ | URL | Tags |
|---|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered by CVE-2013-7344."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-23T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered by CVE-2013-7344."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0303",
"datePublished": "2014-03-23T15:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10252
Vulnerability from cvelistv5
Published
2021-02-19 06:12
Modified
2024-08-04 10:58
Severity ?
EPSS score ?
Summary
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owncloud.org/changelog/server/ | x_refsource_MISC | |
| https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=44 | x_refsource_MISC | |
| https://owncloud.com/security-advisories/ssrf-in-add-to-your-owncloud-functionality/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:39.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owncloud.org/changelog/server/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.hacktivesecurity.com/index.php?controller=post\u0026action=view\u0026id_post=44"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.com/security-advisories/ssrf-in-add-to-your-owncloud-functionality/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-19T06:36:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owncloud.org/changelog/server/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.hacktivesecurity.com/index.php?controller=post\u0026action=view\u0026id_post=44"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.com/security-advisories/ssrf-in-add-to-your-owncloud-functionality/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/changelog/server/",
"refsource": "MISC",
"url": "https://owncloud.org/changelog/server/"
},
{
"name": "https://blog.hacktivesecurity.com/index.php?controller=post\u0026action=view\u0026id_post=44",
"refsource": "MISC",
"url": "https://blog.hacktivesecurity.com/index.php?controller=post\u0026action=view\u0026id_post=44"
},
{
"name": "https://owncloud.com/security-advisories/ssrf-in-add-to-your-owncloud-functionality/",
"refsource": "CONFIRM",
"url": "https://owncloud.com/security-advisories/ssrf-in-add-to-your-owncloud-functionality/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10252",
"datePublished": "2021-02-19T06:12:52",
"dateReserved": "2020-03-09T00:00:00",
"dateUpdated": "2024-08-04T10:58:39.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3011
Vulnerability from cvelistv5
Published
2015-05-08 14:00
Modified
2024-08-06 05:32
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/74445 | vdb-entry, x_refsource_BID | |
| https://owncloud.org/security/advisory/?id=oc-sa-2015-001 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3244 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:21.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74445",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74445"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-001"
},
{
"name": "DSA-3244",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74445",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74445"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-001"
},
{
"name": "DSA-3244",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3244"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74445"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-001",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-001"
},
{
"name": "DSA-3244",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3244"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3011",
"datePublished": "2015-05-08T14:00:00",
"dateReserved": "2015-04-08T00:00:00",
"dateUpdated": "2024-08-06T05:32:21.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1665
Vulnerability from cvelistv5
Published
2018-03-20 21:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/65457 | vdb-entry, x_refsource_BID | |
| https://packetstormsecurity.com/files/125086 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91012 | vdb-entry, x_refsource_XF | |
| https://www.exploit-db.com/exploits/31427/ | exploit, x_refsource_EXPLOIT-DB | |
| http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:10.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "65457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65457"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/125086"
},
{
"name": "owncloud-indexphp-xss(91012)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91012"
},
{
"name": "31427",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/31427/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-20T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "65457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65457"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/125086"
},
{
"name": "owncloud-indexphp-xss(91012)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91012"
},
{
"name": "31427",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/31427/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65457"
},
{
"name": "https://packetstormsecurity.com/files/125086",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/125086"
},
{
"name": "owncloud-indexphp-xss(91012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91012"
},
{
"name": "31427",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/31427/"
},
{
"name": "http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html",
"refsource": "MISC",
"url": "http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1665",
"datePublished": "2018-03-20T21:00:00",
"dateReserved": "2014-01-24T00:00:00",
"dateUpdated": "2024-08-06T09:50:10.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}