Show filters
18 Total Results
Displaying 11-18 of 18
Sort by:
Attacker Value
Unknown

CVE-2014-2049

Disclosure Date: March 14, 2014 (last updated October 05, 2023)
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2013-2040

Disclosure Date: March 14, 2014 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2013-2039

Disclosure Date: March 14, 2014 (last updated October 05, 2023)
Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2013-1850

Disclosure Date: March 14, 2014 (last updated October 05, 2023)
Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file.
0
0
Attacker Value
Unknown

CVE-2013-2150

Disclosure Date: March 14, 2014 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.
0
0
Attacker Value
Unknown

CVE-2013-0297

Disclosure Date: March 14, 2014 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.
0
0
Attacker Value
Unknown

CVE-2013-0307

Disclosure Date: March 14, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.
0
0
Attacker Value
Unknown

CVE-2013-1942

Disclosure Date: August 15, 2013 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.
0
0
View More Topics  < Previous