
CVSS: 4.0 EPSS: 0% CPEs: 31 EXPL: 0

Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors.
• http://owncloud.org/about/security/advisories/oC-SA-2013-020
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 EPSS: 0% CPEs: 17 EXPL: 0

SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
• http://osvdb.org/93383 http://owncloud.org/about/security/advisories/oC-SA-2013-019 http://seclists.org/oss-sec/2013/q2/324 http://www.securityfocus.com/bid/59969
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 EPSS: 0% CPEs: 6 EXPL: 0

SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
• http://osvdb.org/93384 http://owncloud.org/about/security/advisories/oC-SA-2013-019 http://seclists.org/oss-sec/2013/q2/324
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 EPSS: 0% CPEs: 1 EXPL: 3

Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. ownCloud version 6.0.0a suffers from file deletion, cross-site request forgery, and cross-site scripting vulnerabilities. It has also been reported that the same cross-site scripting issue affects Pydio version 5.20.
• https://www.exploit-db.com/exploits/31427 http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html http://www.securityfocus.com/bid/65457 https://exchange.xforce.ibmcloud.com/vulnerabilities/91012 https://packetstormsecurity.com/files/125086
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 EPSS: 0% CPEs: 86 EXPL: 1

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
• http://owncloud.org/about/security/advisories/oC-SA-2013-017 http://seclists.org/oss-sec/2013/q2/111 http://seclists.org/oss-sec/2013/q2/133 http://secunia.com/advisories/53079 https://bugzilla.redhat.com/show_bug.cgi?id=955307 https://exchange.xforce.ibmcloud.com/vulnerabilities/83647 https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd https://github.com/johndyer/mediaelement/tree/2.11.1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')