NotCVE - vendor:"Owncloud" product:"Owncloud" version:" <= 3.0.2"

Page 12 of 126 results (0.003 seconds)

CVSS: 8.8EPSS: 1%CPEs: 16EXPL: 0

CVE-2012-5609

https://notcve.org/view.php?id=CVE-2012-5609

18 Dec 2012 — Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. Vulnerabilidad lista negra incompleta en lib/filesystem.php en ownCloud antes v4.5.2 permite a usuarios remotos autenticados ejecutar código PHP arbitrario mediante la carga de un archivo mount.php en un fichero ZIP • http://owncloud.org/changelog •

CVSS: 8.8EPSS: 1%CPEs: 15EXPL: 0

CVE-2012-5610

https://notcve.org/view.php?id=CVE-2012-5610

18 Dec 2012 — Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name. Vulnerabilidad lista negra incompleta en lib/filesystem.php en ownCloud antes de v4.0.9 y v4.5.x antes de v4.5.2 permite a usuarios remotos autenticados ejecutar código PHP arbitrario mediante la carga de un archivo con un nombre especial manipulado. • http://owncloud.org/changelog • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2012-4753

https://notcve.org/view.php?id=CVE-2012-4753

05 Sep 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en ownCloud anterior a v4.0.5, permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas mediante vectores desconocidos(1) . • http://owncloud.org/changelog • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 1

CVE-2012-4389

https://notcve.org/view.php?id=CVE-2012-4389

05 Sep 2012 — Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. Vulnerabilidad de incompatibilidad en lib/migrate.php en ownCloud anterior a v4.0.7 permite a atacantes remotos ejecutar código arbitrario mediante la carga de un archivo .htaccess en un archivo import.zip y el acceso a un archivo PHP cargado. • http://www.openwall.com/lists/oss-security/2012/09/02/2 •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 1

CVE-2012-4390

https://notcve.org/view.php?id=CVE-2012-4390

05 Sep 2012 — (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. (1) apps/calendar/appinfo/remote.php y (2) apps/contacts/appinfo/remote.php en ownCloud anterior a v4.0.7 permite a usuarios remotos autenticados enumerar los usuarios registrados mediante vectores desconocidos. • http://owncloud.org/changelog • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0

CVE-2012-4391

https://notcve.org/view.php?id=CVE-2012-4391

05 Sep 2012 — Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en ownCloud anterior a v4.0.7, permite a atacantes remotos secuestrar la autenticación de los administradores para solicitudes que editan la configuración de la app. • http://owncloud.org/changelog • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1

CVE-2012-4394

https://notcve.org/view.php?id=CVE-2012-4394

05 Sep 2012 — Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en apps/files/js/filelist.js en ownCloud anterior a v4.0.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro file • http://www.openwall.com/lists/oss-security/2012/08/11/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1

CVE-2012-4395

https://notcve.org/view.php?id=CVE-2012-4395

05 Sep 2012 — Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en ownCloud anterior a v4.0.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro redirect_url • http://www.openwall.com/lists/oss-security/2012/08/11/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 8

CVE-2012-4396

https://notcve.org/view.php?id=CVE-2012-4396

05 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in ... • http://www.openwall.com/lists/oss-security/2012/08/11/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1

CVE-2012-4397

https://notcve.org/view.php?id=CVE-2012-4397

05 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en ownCloud anterior a v4.0.1 permite a atacantes remotos inyectar secuencia... • http://owncloud.org/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...10 11 12 13