CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2012-4397
https://notcve.org/view.php?id=CVE-2012-4397
05 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en ownCloud anterior a v4.0.1 permite a atacantes remotos inyectar secuencia... • http://owncloud.org/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4753
https://notcve.org/view.php?id=CVE-2012-4753
05 Sep 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en ownCloud anterior a v4.0.5, permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas mediante vectores desconocidos(1) . • http://owncloud.org/changelog • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 1CVE-2012-4390
https://notcve.org/view.php?id=CVE-2012-4390
05 Sep 2012 — (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. (1) apps/calendar/appinfo/remote.php y (2) apps/contacts/appinfo/remote.php en ownCloud anterior a v4.0.7 permite a usuarios remotos autenticados enumerar los usuarios registrados mediante vectores desconocidos. • http://owncloud.org/changelog • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 1CVE-2012-4389
https://notcve.org/view.php?id=CVE-2012-4389
05 Sep 2012 — Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. Vulnerabilidad de incompatibilidad en lib/migrate.php en ownCloud anterior a v4.0.7 permite a atacantes remotos ejecutar código arbitrario mediante la carga de un archivo .htaccess en un archivo import.zip y el acceso a un archivo PHP cargado. • http://www.openwall.com/lists/oss-security/2012/09/02/2 •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2012-4394
https://notcve.org/view.php?id=CVE-2012-4394
05 Sep 2012 — Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en apps/files/js/filelist.js en ownCloud anterior a v4.0.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro file • http://www.openwall.com/lists/oss-security/2012/08/11/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 8CVE-2012-4396
https://notcve.org/view.php?id=CVE-2012-4396
05 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in ... • http://www.openwall.com/lists/oss-security/2012/08/11/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2012-4392
https://notcve.org/view.php?id=CVE-2012-4392
05 Sep 2012 — index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. index.php en ownCloud v4.0.7 no valida correctamente la cookie oc_token, permitiendo a atacantes remotos evitar la autenticación a través de una cookie oc_token hecha a mano. • http://www.openwall.com/lists/oss-security/2012/08/11/1 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-2397
https://notcve.org/view.php?id=CVE-2012-2397
20 Apr 2012 — Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts. Una vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en ownCloud v3.0.2 permite a atacantes remotos secuestrar la autenticación de usuarios de su elección para las solicitudes que insertan secuencias de comandos en sitios cruzados (XSS) a través de v... • http://owncloud.org/security/advisories/CVE-2012-2397 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2012-2398
https://notcve.org/view.php?id=CVE-2012-2398
20 Apr 2012 — Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en los fiels/ajax/download.php en ownCloud v3.0.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro 'files', una vulnerabilidad diferente a la CVE-2012-2269.4. NOTA: la p... • http://owncloud.org/security/advisories/cve-2012-2398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2012-2269 – ownCloud 3.0.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2012-2269
18 Apr 2012 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php. Múltiples vulnerabilidades de ejecución de comandos en si... • https://packetstorm.news/files/id/111956 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •