Search Results | AttackerKB

Show filters

Topics 8 Users 9,708

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

8 Total Results

Displaying 1-8 of 8

Attacker Value

Unknown

CVE-2014-2044

Disclosure Date: October 06, 2014 (last updated October 05, 2023)

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.

0

Attacker Value

Unknown

CVE-2014-2057

Disclosure Date: March 24, 2014 (last updated October 05, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

0

Attacker Value

Unknown

CVE-2013-2042

Disclosure Date: March 14, 2014 (last updated October 05, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php.

0

Attacker Value

Unknown

CVE-2014-2049

Disclosure Date: March 14, 2014 (last updated October 05, 2023)

The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.

0

Attacker Value

Unknown

CVE-2013-2040

Disclosure Date: March 14, 2014 (last updated October 05, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

0

Attacker Value

Unknown

CVE-2013-2039

Disclosure Date: March 14, 2014 (last updated October 05, 2023)

Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors.

0

Attacker Value

Unknown

CVE-2013-2150

Disclosure Date: March 14, 2014 (last updated October 05, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.

0

Attacker Value

Unknown

CVE-2013-1942

Disclosure Date: August 15, 2013 (last updated October 05, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.

0