Page 21 of 131 results (0.009 seconds)

CVSS: 3.5EPSS: 0%CPEs: 23EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php. Múltiples vulnerabilidades de XSS en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.7 permiten a administradores remotos autenticados inyectar script Web o HTML arbitrarios a través del parámetro (1) site_name o (2) site_url hacia apps/external/ajax/setsites.php. • http://owncloud.org/about/security/advisories/oC-SA-2013-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 23EXPL: 0

Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter. Vulnerabilidad de XSS en settings.php en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.7 permite a administradores remotos inyectar script Web o HTML arbitrarios a través del parámetro del campo de entrada group. • http://owncloud.org/about/security/advisories/oC-SA-2013-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application. Vulnerabilidad de inyección SQL en addressbookprovider.php en ownCloud Server anterior a 5.0.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, relacionado con la aplicación de contactos. • http://owncloud.org/about/security/advisories/oC-SA-2013-012 http://www.securityfocus.com/bid/58855 https://exchange.xforce.ibmcloud.com/vulnerabilities/83253 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/. Múltiples vulnerabilidades de XSS en ownCloud Server anterior a 5.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de (1) el parámetro new_name hacia apps/bookmarks/ajax/renameTag.php o (2) múltiples parámetros no especificados hacia archivos desconocidos en apps/contacts/ajax/. • http://owncloud.org/about/security/advisories/oC-SA-2013-011 http://www.securityfocus.com/bid/58852 https://exchange.xforce.ibmcloud.com/vulnerabilities/83245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 18%CPEs: 35EXPL: 4

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program. Vulnerabilidad de lista negra incompleta en ajax/upload.php en ownCloud anterior a 5.0, cuando funciona en Windows, permite a usuarios remotos autenticados evadir las restricciones de acceso, subir ficheros con nombres arbitrarios y ejecutar código arbitrario a través de una sintaxis Alternate Data Stream (ADS) en el parámetro filename, tal y como fue demostrado al utilizar .htaccess::$DATA para subir un programa PHP. ownCloud versions 4.0.x and 4.5.x suffer from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/32162 http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2014/Mar/45 http://secunia.com/advisories/57267 http://www.exploit-db.com/exploits/32162 http://www.osvdb.org/104082 http://www.securityfocus.com/archive/1/531365/100/0/threaded http://www.securityfocus.com/bid/66000 https://exchange.xforce.ibmcloud.com/vulnerabilities/91757 https://www.portcullis-security.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •