CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2015-7699 – Debian Security Advisory 3373-1
https://notcve.org/view.php?id=CVE-2015-7699
19 Oct 2015 — The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore." La aplicación files_external en ownCloud Server en versiones anteriores a 7.0.9, 8.0.x en versiones anteriores a 8.0.7 y 8.1.x en versiones anteriores a 8.1.2 permite a usuarios remotos autenticados instanciar clases arbitrarias o posiblemente ejecut... • http://www.debian.org/security/2015/dsa-3373 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-4717 – Debian Security Advisory 3373-1
https://notcve.org/view.php?id=CVE-2015-4717
19 Oct 2015 — The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names. El componente de saneo de nombre de archivo en ownCloud Server en versiones anteriores a 6.0.8, 7.0.x en versiones anteriores a 7.0.6 y 8.0.x en versiones anteriores a 8.0.4 no maneja correctamente la... • http://www.debian.org/security/2015/dsa-3373 • CWE-399: Resource Management Errors •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-5953 – Debian Security Advisory 3373-1
https://notcve.org/view.php?id=CVE-2015-5953
19 Oct 2015 — Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder. Vulnerabilidad de XSS en la aplicación activity en ownCloud Server en versiones anteriores a 7.0.5 y 8.0.x en versiones anteriores a 8.0.4 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un... • http://www.debian.org/security/2015/dsa-3373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4456 – Debian Security Advisory 3363-1
https://notcve.org/view.php?id=CVE-2015-4456
21 Sep 2015 — ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate. ownCloud Desktop Client en versiones anteriores a 1.8.2 no llama a QNetworkReply::ignoreSslErrors con la lista de errores a ignorar, lo que permite a atacante... • http://www.debian.org/security/2015/dsa-3363 •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-3011 – Debian Security Advisory 3244-1
https://notcve.org/view.php?id=CVE-2015-3011
04 May 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact. Múltiples vulnerabilidades de XSS en la aplicación de contactos en ownCloud Server Community Edition anterior a 5.0.19, 6.x anterior a 6.0.7, y 7.x anterior a 7.0.5 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbi... • http://www.debian.org/security/2015/dsa-3244 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-3013 – Debian Security Advisory 3244-1
https://notcve.org/view.php?id=CVE-2015-3013
04 May 2015 — ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file. ownCloud Server anterior a 5.0.19, 6.x anterior a 6.0.7, y 7.x anterior a 7.0.5 permite a usuarios remotos autenticados evadir la lista negra de ficheros y subir ficheros arbitrarios a través de una ruta de ficheros con la codificación UTF-8, tal y como fue demostrado... • http://www.debian.org/security/2015/dsa-3244 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-3012 – Debian Security Advisory 3244-1
https://notcve.org/view.php?id=CVE-2015-3012
04 May 2015 — Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI. Múltiples vulnerabilidades de XSS en WebODF anterior a 0.5.5, utilizado en ownCloud, permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URI (1) de estilos o (2) de nombres de fuentes o (3) de javascript o (4) de datos. Multiple vulnerab... • http://www.debian.org/security/2015/dsa-3244 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 28EXPL: 0CVE-2014-9042 – Mandriva Linux Security Advisory 2015-190
https://notcve.org/view.php?id=CVE-2014-9042
04 Feb 2015 — Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041. Vulnerabilidad de XSS en la funcionalidad de importación en la aplicación bookmarks en ownCloud anterior a 5.0.18, 6.x anterior a 6.0.6, y 7.x anterior a 7.... • https://owncloud.org/security/advisory/?id=oc-sa-2014-028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 28EXPL: 0CVE-2014-9043 – Mandriva Linux Security Advisory 2015-190
https://notcve.org/view.php?id=CVE-2014-9043
04 Feb 2015 — The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind. La aplicación user_ldap (también conocido como el backend del usuario y grupo de LDAP) en ownCloud anterior a 5.0.18, 6.x anterior a 6.0.6, y 7.x anterior a 7.0.3 permite a atacantes remotos evadir la autenticación a través de un byte nulo en... • https://owncloud.org/security/advisory/?id=oc-sa-2014-020 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 28EXPL: 0CVE-2014-9048
https://notcve.org/view.php?id=CVE-2014-9048
04 Feb 2015 — The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API. La aplicación documents en ownCloud Server 6.x anterior a 6.0.6 y 7.x anterior a 7.0.3 permite a atacantes remotos evadir la protección de contraseñas para ficheros compartidos a través de la API. • https://owncloud.org/security/advisory/?id=oc-sa-2014-024 • CWE-264: Permissions, Privileges, and Access Controls •