Page 16 of 86 results (0.004 seconds)

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2013-2085

https://notcve.org/view.php?id=CVE-2013-2085

Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter. Vulnerabilidad de salto de directorio en apps/files_trashbin/index.php en el servidor de ownCloud anterior a 5.0.6 permite a usuarios remotos autenticados acceder a archivos arbitrarios a través de un .. (punto punto) en el parámetro dir. • http://owncloud.org/about/security/advisories/oC-SA-2013-020 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 3.5EPSS: 0%CPEs: 31EXPL: 0

CVE-2013-2040

https://notcve.org/view.php?id=CVE-2013-2040

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en ownCloud anterior a 4.0.15, 4.5.x anterior a 4.5.11 y 5.0.x anterior a 5.0.6 permiten a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://owncloud.org/about/security/advisories/oC-SA-2013-021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 17EXPL: 0

CVE-2013-2043

https://notcve.org/view.php?id=CVE-2013-2043

apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter. apps/calendar/ajax/events.php en ownCloud anterior a 4.5.11 y 5.x anterior a 5.0.6 no comprueba debidamente la propiedad de un calendario, lo que permite a usuarios remotos autenticados descargar calendarios arbitrarios a través del parámetro calendar_id. • http://owncloud.org/about/security/advisories/oC-SA-2013-024 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 0%CPEs: 31EXPL: 0

CVE-2013-2039

https://notcve.org/view.php?id=CVE-2013-2039

Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en lib/files/view.php en ownCloud anterior a 4.0.15, 4.5.x 4.5.11 y 5.x anterior a 5.0.6 permite a usuarios remotos autenticados acceder a archivos arbitrarios a través de vectores no especificados. • http://owncloud.org/about/security/advisories/oC-SA-2013-020 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0

CVE-2013-2046

https://notcve.org/view.php?id=CVE-2013-2046

SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en lib/bookmarks.php en ownCloud Server 4.5.x anterior a 4.5.11 y 5.x anterior a 5.0.6 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://osvdb.org/93383 http://owncloud.org/about/security/advisories/oC-SA-2013-019 http://seclists.org/oss-sec/2013/q2/324 http://www.securityfocus.com/bid/59969 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •