📦

owncloud_server

Vendor: owncloud

Actively Exploited 0 CISA KEV List

PoC / Exploits 4 Code Available

Total RCEs 7 Remote Access

Total CVEs 271 Total Indexed

Avg. EPSS 1.91% Exploit Prob.

Latest CVE CVE-2023-49105 Nov 21

Security Vulnerability Index

Page 9 / 28

3.5 CVSS

CVE-2013-0297

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.

EPSS: 0.22%

Severity: LOW

Mar 14, 2014

6.5 CVSS

CVE-2013-2046

SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

EPSS: 0.30%

Severity: MEDIUM

Mar 09, 2014

6.5 CVSS

CVE-2013-2045

SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

EPSS: 0.35%

Severity: MEDIUM

Mar 09, 2014

4.3 CVSS

CVE-2013-1967

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

EPSS: 0.57%

Severity: MEDIUM

Feb 05, 2014

6.8 CVSS

CVE-2013-6403

The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.

EPSS: 0.35%

Severity: MEDIUM

Dec 24, 2013

4.3 CVSS

CVE-2013-1942

Exploit Found

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.

EPSS: 8.80%

Severity: MEDIUM

Aug 15, 2013

4.3 CVSS

CVE-2012-5666

Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.

EPSS: 0.41%

Severity: MEDIUM

Jan 03, 2013

4.3 CVSS

CVE-2012-5665

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.

EPSS: 0.43%

Severity: MEDIUM

Jan 03, 2013

6.5 CVSS

CVE-2012-5610

Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name.

EPSS: 1.09%

Severity: MEDIUM

Dec 18, 2012

6.5 CVSS

CVE-2012-5609

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.

EPSS: 1.03%

Severity: MEDIUM

Dec 18, 2012

Displaying 10 of 271 Total Entries

7 8 9 10 11 ... 28

Total 28 Sections