Page 25 of 155 results (0.013 seconds)

CVSS: 3.5EPSS: 0%CPEs: 23EXPL: 0

Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter. Vulnerabilidad de XSS en settings.php en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.7 permite a administradores remotos inyectar script Web o HTML arbitrarios a través del parámetro del campo de entrada group. • http://owncloud.org/about/security/advisories/oC-SA-2013-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php. Múltiples vulnerabilidades de XSS en ownCloud 4.5.x anterior a 4.5.7 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de (1) un archivo iCalendar manipulado hacia la aplicación calendar, el parámetro (2) dir o (3) file hacia apps/files_pdfviewer/viewer.php o el (4) parámetro mountpoint hacia /apps/files_external/addMountPoint.php. • http://owncloud.org/about/security/advisories/oC-SA-2013-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application. Vulnerabilidad de inyección SQL en addressbookprovider.php en ownCloud Server anterior a 5.0.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, relacionado con la aplicación de contactos. • http://owncloud.org/about/security/advisories/oC-SA-2013-012 http://www.securityfocus.com/bid/58855 https://exchange.xforce.ibmcloud.com/vulnerabilities/83253 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en lib/db.php en ownCloud Server 5.0.x anterior a 5.0.6 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://osvdb.org/93384 http://owncloud.org/about/security/advisories/oC-SA-2013-019 http://seclists.org/oss-sec/2013/q2/324 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/. Múltiples vulnerabilidades de XSS en ownCloud Server anterior a 5.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de (1) el parámetro new_name hacia apps/bookmarks/ajax/renameTag.php o (2) múltiples parámetros no especificados hacia archivos desconocidos en apps/contacts/ajax/. • http://owncloud.org/about/security/advisories/oC-SA-2013-011 http://www.securityfocus.com/bid/58852 https://exchange.xforce.ibmcloud.com/vulnerabilities/83245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •