CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2015-7699 – Debian Security Advisory 3373-1
https://notcve.org/view.php?id=CVE-2015-7699
19 Oct 2015 — The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore." La aplicación files_external en ownCloud Server en versiones anteriores a 7.0.9, 8.0.x en versiones anteriores a 8.0.7 y 8.1.x en versiones anteriores a 8.1.2 permite a usuarios remotos autenticados instanciar clases arbitrarias o posiblemente ejecut... • http://www.debian.org/security/2015/dsa-3373 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-5953 – Debian Security Advisory 3373-1
https://notcve.org/view.php?id=CVE-2015-5953
19 Oct 2015 — Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder. Vulnerabilidad de XSS en la aplicación activity en ownCloud Server en versiones anteriores a 7.0.5 y 8.0.x en versiones anteriores a 8.0.4 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un... • http://www.debian.org/security/2015/dsa-3373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0CVE-2015-5954 – Debian Security Advisory 3373-1
https://notcve.org/view.php?id=CVE-2015-5954
19 Oct 2015 — The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder. El sistema de archivos en ownCloud Server en versiones anteriores a 6.0.9, 7.0.x en versiones anteriores a 7.0.7 y 8.0.x en versiones anteriores a 8.0.5 no considera que NULL es un va... • http://www.debian.org/security/2015/dsa-3373 •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2015-6500 – Debian Security Advisory 3373-1
https://notcve.org/view.php?id=CVE-2015-6500
19 Oct 2015 — Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php. Vulnerabilidad de salto de directorio en ownCloud Server en versiones anteriores a 8.0.6 y 8.1.x en versiones anteriores a 8.1.1 permite a usuarios remotos autenticados listar contenidos del directorio y posiblemente provocar ... • http://www.debian.org/security/2015/dsa-3373 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2015-6670 – Debian Security Advisory 3373-1
https://notcve.org/view.php?id=CVE-2015-6670
19 Oct 2015 — ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php. ownCloud Server en versiones anteriores a 7.0.8, 8.0.x en versiones anteriores a 8.0.6 y 8.1.x en versiones anteriores a 8.1.1 no verifica adecuadamente el propietario de los calendarios, lo que permite a usuarios remotos autenticados leer calendarios arbitrariamente a ... • http://www.debian.org/security/2015/dsa-3373 •
CVSS: 10.0EPSS: 23%CPEs: 5EXPL: 0CVE-2015-4716 – Debian Security Advisory 3373-1
https://notcve.org/view.php?id=CVE-2015-4716
19 Oct 2015 — Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. Vulnerabilidad de salto de directorio en el componente routing en ownCloud Server en versiones anteriores a 7.0.6 y 8.0.x en versiones anteriores a 8.0.4, cuando se ejecuta en Windows, permite a atacantes remotos reinstalar la aplicación o ejecutar código arbitrario a... • http://www.debian.org/security/2015/dsa-3373 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-4717 – Debian Security Advisory 3373-1
https://notcve.org/view.php?id=CVE-2015-4717
19 Oct 2015 — The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names. El componente de saneo de nombre de archivo en ownCloud Server en versiones anteriores a 6.0.8, 7.0.x en versiones anteriores a 7.0.6 y 8.0.x en versiones anteriores a 8.0.4 no maneja correctamente la... • http://www.debian.org/security/2015/dsa-3373 • CWE-399: Resource Management Errors •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2015-4718 – Debian Security Advisory 3373-1
https://notcve.org/view.php?id=CVE-2015-4718
19 Oct 2015 — The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file. El controlador de almacenamiento SMB externo en ownCloud Server en versiones anteriores a 6.0.8, 7.0.x en versiones anteriores a 7.0.6 y 8.0.x en versiones anteriores a 8.0.4 permite a usuarios remotos autenticados ejecutar comandos SMB arbitrarios a través de un carácter ; (punto y coma) en un... • http://www.debian.org/security/2015/dsa-3373 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-3011 – Debian Security Advisory 3244-1
https://notcve.org/view.php?id=CVE-2015-3011
04 May 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact. Múltiples vulnerabilidades de XSS en la aplicación de contactos en ownCloud Server Community Edition anterior a 5.0.19, 6.x anterior a 6.0.7, y 7.x anterior a 7.0.5 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbi... • http://www.debian.org/security/2015/dsa-3244 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-3013 – Debian Security Advisory 3244-1
https://notcve.org/view.php?id=CVE-2015-3013
04 May 2015 — ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file. ownCloud Server anterior a 5.0.19, 6.x anterior a 6.0.7, y 7.x anterior a 7.0.5 permite a usuarios remotos autenticados evadir la lista negra de ficheros y subir ficheros arbitrarios a través de una ruta de ficheros con la codificación UTF-8, tal y como fue demostrado... • http://www.debian.org/security/2015/dsa-3244 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •