CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-2044
https://notcve.org/view.php?id=CVE-2013-2044
14 Mar 2014 — Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. Vulnerabilidad de redirección abierta en la página de inicio de sesión (index.php) en ownCloud anterior a 5.0.6 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL en el parámetro redirect_url. • http://owncloud.org/about/security/advisories/oC-SA-2013-022 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 15EXPL: 0CVE-2013-1963
https://notcve.org/view.php?id=CVE-2013-1963
14 Mar 2014 — The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors. La aplicación de contactos en ownCloud anterior a 4.5.10 y 5.x anterior a 5.0.5 no comprueba debidamente la propiedad de contactos, lo que permite a usuarios remotos autenticados descargar contactos arbitrarios a través de vectores no especificados. • http://owncloud.org/about/security/advisories/oC-SA-2013-018 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2013-0298
https://notcve.org/view.php?id=CVE-2013-0298
14 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php. Múltiples vulnerabilidades de XSS en ownCloud 4.5.x anterior a 4.5.7 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de (1) un arch... • http://owncloud.org/about/security/advisories/oC-SA-2013-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 23EXPL: 0CVE-2013-0307
https://notcve.org/view.php?id=CVE-2013-0307
14 Mar 2014 — Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter. Vulnerabilidad de XSS en settings.php en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.7 permite a administradores remotos inyectar script Web o HTML arbitrarios a través del parámetro del campo de entrada group. • http://owncloud.org/about/security/advisories/oC-SA-2013-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 23EXPL: 0CVE-2013-0297
https://notcve.org/view.php?id=CVE-2013-0297
14 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php. Múltiples vulnerabilidades de XSS en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.7 permiten a administradores remotos autenticados inyectar script Web o HTML arbitrarios a través del parámetro (1) site_name o (2) site_url hacia apps/externa... • http://owncloud.org/about/security/advisories/oC-SA-2013-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-2045
https://notcve.org/view.php?id=CVE-2013-2045
07 Mar 2014 — SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en lib/db.php en ownCloud Server 5.0.x anterior a 5.0.6 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://osvdb.org/93384 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-1890
https://notcve.org/view.php?id=CVE-2013-1890
07 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/. Múltiples vulnerabilidades de XSS en ownCloud Server anterior a 5.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de (1) el parámetro new_name hacia apps/bookmarks/ajax/renameTag.php o ... • http://owncloud.org/about/security/advisories/oC-SA-2013-011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-1893
https://notcve.org/view.php?id=CVE-2013-1893
07 Mar 2014 — SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application. Vulnerabilidad de inyección SQL en addressbookprovider.php en ownCloud Server anterior a 5.0.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, relacionado con la aplicación de contactos. • http://owncloud.org/about/security/advisories/oC-SA-2013-012 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2013-2046
https://notcve.org/view.php?id=CVE-2013-2046
07 Mar 2014 — SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en lib/bookmarks.php en ownCloud Server 4.5.x anterior a 4.5.11 y 5.x anterior a 5.0.6 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://osvdb.org/93383 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 17%CPEs: 35EXPL: 5CVE-2014-2044 – ownCloud 4.0.x/4.5.x - 'upload.php?Filename' Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-2044
06 Mar 2014 — Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program. Vulnerabilidad de lista negra incompleta en ajax/upload.php en ownCloud anterior a 5.0, cuando funciona en Windows, permite a usuarios remot... • https://packetstorm.news/files/id/125585 • CWE-94: Improper Control of Generation of Code ('Code Injection') •