CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2017-5865
https://notcve.org/view.php?id=CVE-2017-5865
03 Mar 2017 — The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts. La funcionalidad de reestablecimiento de contraseña en ownCloud Server en versiones anteriores a 8.1.11, 8.2.x en versiones anteriores a 8.2.9, 9.0.x en versiones anteriores a 9.0.7 y 9.1.x en versiones ant... • http://www.securityfocus.com/bid/96425 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2016-5876
https://notcve.org/view.php?id=CVE-2016-5876
23 Jan 2017 — ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. ownCloud server en versiones anteriores a 8.2.6 y 9.x en versiones anteriores a 9.0.3, cuando la aplicación de galería está habilitada, permite a atacantes remotos descargar imágenes arbitrarias a través de una solicitud directa. • http://www.securityfocus.com/bid/95861 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2016-7419
https://notcve.org/view.php?id=CVE-2016-7419
17 Sep 2016 — Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name. Vulnerabilidad de XSS en share.js en la aplicación de galería en ownCloud Server en versiones anteriores a 9.0.4 y Nextcloud Server en versiones anteriores a 9.0.52 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a ... • http://www.securityfocus.com/bid/92373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2016-1498
https://notcve.org/view.php?id=CVE-2016-1498
08 Jan 2016 — Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL. Múltiples vulnerabilidades de XSS en el componente OCS discovery provider en ownCloud Server en versiones anteriores a 7.0.12, 8.0.x en versiones anteriores 8.0.10, 8.1.x en versiones anteriores a 8.1.5 y 8.2.x en versiones anter... • https://owncloud.org/security/advisory/?id=oc-sa-2016-001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 15EXPL: 0CVE-2016-1500
https://notcve.org/view.php?id=CVE-2016-1500
08 Jan 2016 — ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share. ownCloud Server en versiones anteriores a 7.0.12, 8.0.x en versiones anteriores a 8.0.10, 8.1.x en versiones anteriores a 8.1.5 y 8.2.x en versiones anteriores ... • https://owncloud.org/security/advisory/?id=oc-sa-2016-003 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1501
https://notcve.org/view.php?id=CVE-2016-1501
08 Jan 2016 — ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages. ownCloud Server en versiones anteriores a 8.0.9 y 8.1.x en versiones anteriores a 8.1.4 permiten a usuarios remotos autenticados obtener información sensible a través de vectores no especificados, lo que revela la ruta de instalación en los mensajes de excepción resultantes. • https://owncloud.org/security/advisory/?id=oc-sa-2016-004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 2CVE-2016-1499 – ownCloud 8.2.1 / 8.1.4 / 8.0.9 Information Exposure
https://notcve.org/view.php?id=CVE-2016-1499
07 Jan 2016 — ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php. ownCloud Server en versiones anteriores a 8.0.10, 8.1.x en versiones anteriores a 8.1.5 y 8.2.x en versiones anteriores a 8.2.2 permite a usuarios remotos autenticados obtener información sensible desde un listado de directorio ... • https://packetstorm.news/files/id/135158 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-399: Resource Management Errors •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7698
https://notcve.org/view.php?id=CVE-2015-7698
21 Oct 2015 — icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php. icewind1991 SMB en versiones anteriores a 1.0.3 permite a usuarios remotos autenticados ejecutar comandos SMB arbitrarios a través de metacaracteres de shell en el argumento user en la función (1) listShares en server.php o (2) connect o (3) read en Share.php. • https://github.com/icewind1991/SMB/commit/33ab10cc4d5c3e48cba3a074b5f9fc67590cd032 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2015-4718 – Debian Security Advisory 3373-1
https://notcve.org/view.php?id=CVE-2015-4718
19 Oct 2015 — The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file. El controlador de almacenamiento SMB externo en ownCloud Server en versiones anteriores a 6.0.8, 7.0.x en versiones anteriores a 7.0.6 y 8.0.x en versiones anteriores a 8.0.4 permite a usuarios remotos autenticados ejecutar comandos SMB arbitrarios a través de un carácter ; (punto y coma) en un... • http://www.debian.org/security/2015/dsa-3373 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0CVE-2015-5954 – Debian Security Advisory 3373-1
https://notcve.org/view.php?id=CVE-2015-5954
19 Oct 2015 — The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder. El sistema de archivos en ownCloud Server en versiones anteriores a 6.0.9, 7.0.x en versiones anteriores a 7.0.7 y 8.0.x en versiones anteriores a 8.0.5 no considera que NULL es un va... • http://www.debian.org/security/2015/dsa-3373 •