CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2016-9466
https://notcve.org/view.php?id=CVE-2016-9466
28 Mar 2017 — Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability. Nextcloud Server en versiones anteriores a 10.0.1 y ownCloud Server en versiones anteriores a 9.0.6 y 9.1.2 sufren de Reflexed XSS en la aplicación Galería... • https://github.com/nextcloud/gallery/commit/f9ef505c1d60c9041e251682e0f6b3daad952d58 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2016-9468
https://notcve.org/view.php?id=CVE-2016-9468
28 Mar 2017 — Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. Nextcloud Server en versiones anteriores a 9.0.54 and 10.0.1 y ownCloud Server en versiones anteriores a 9.0.6 y 9.1.2 sufren de contenido de suplantación en la aplicación dav. El mensaje de excepción que se muestra en los puntos ... • https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f • CWE-284: Improper Access Control CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2017-5866
https://notcve.org/view.php?id=CVE-2017-5866
03 Mar 2017 — The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors. La característica de autocompletar en el cuadro de diálogo del E-Mail en ownCloud Server en versiones anteriores a 8.1.11, 8.2.x en versiones anteriores a 8.2.9, 9.0.x en versiones anteriores a 9.0.7 y 9.1.x en versiones anteriores a 9.1.3 permite a usuarios remotos auten... • http://www.securityfocus.com/bid/96426 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2017-5867
https://notcve.org/view.php?id=CVE-2017-5867
03 Mar 2017 — ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file. ownCloud Server en versiones anteriores a 8.1.11, 8.2.x en versiones anteriores a 8.2.9, 9.0.x en versiones anteriores a 9.0.7 y 9.1.x en versiones anteriores a 9.1.3 permite a usuarios remotos autenticados provocar una denegación de servicio (cuelgue del servidor e inundación de archivos de reg... • http://www.securityfocus.com/bid/96430 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2017-5865
https://notcve.org/view.php?id=CVE-2017-5865
03 Mar 2017 — The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts. La funcionalidad de reestablecimiento de contraseña en ownCloud Server en versiones anteriores a 8.1.11, 8.2.x en versiones anteriores a 8.2.9, 9.0.x en versiones anteriores a 9.0.7 y 9.1.x en versiones ant... • http://www.securityfocus.com/bid/96425 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7102
https://notcve.org/view.php?id=CVE-2016-7102
23 Jan 2017 — ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. ownCloud Desktop en versiones anteriores a 2.2.3 permite a usuarios locales ejecutar código arbitrario y posiblemente obtener privilegios a través de una librería de troyanos en una "ruta especial" en el controlador C:. • http://www.securityfocus.com/bid/92627 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2016-5876
https://notcve.org/view.php?id=CVE-2016-5876
23 Jan 2017 — ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. ownCloud server en versiones anteriores a 8.2.6 y 9.x en versiones anteriores a 9.0.3, cuando la aplicación de galería está habilitada, permite a atacantes remotos descargar imágenes arbitrarias a través de una solicitud directa. • http://www.securityfocus.com/bid/95861 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2016-7419
https://notcve.org/view.php?id=CVE-2016-7419
17 Sep 2016 — Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name. Vulnerabilidad de XSS en share.js en la aplicación de galería en ownCloud Server en versiones anteriores a 9.0.4 y Nextcloud Server en versiones anteriores a 9.0.52 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a ... • http://www.securityfocus.com/bid/92373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2016-1498
https://notcve.org/view.php?id=CVE-2016-1498
08 Jan 2016 — Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL. Múltiples vulnerabilidades de XSS en el componente OCS discovery provider en ownCloud Server en versiones anteriores a 7.0.12, 8.0.x en versiones anteriores 8.0.10, 8.1.x en versiones anteriores a 8.1.5 y 8.2.x en versiones anter... • https://owncloud.org/security/advisory/?id=oc-sa-2016-001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 15EXPL: 0CVE-2016-1500
https://notcve.org/view.php?id=CVE-2016-1500
08 Jan 2016 — ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share. ownCloud Server en versiones anteriores a 7.0.12, 8.0.x en versiones anteriores a 8.0.10, 8.1.x en versiones anteriores a 8.1.5 y 8.2.x en versiones anteriores ... • https://owncloud.org/security/advisory/?id=oc-sa-2016-003 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •