CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2013-7344
https://notcve.org/view.php?id=CVE-2013-7344
23 Mar 2014 — Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions. Vulnerabilidad no especificada en core/settings.php en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.6 permite a usuarios remotos autenticados ejecutar código PHP arbitrario a través de vectores desconocidos. NOTA: este problema fue separado de ... • http://owncloud.org/about/security/advisories/oC-SA-2013-006 •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 2CVE-2013-0201
https://notcve.org/view.php?id=CVE-2013-0201
18 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php. Múltiples vulnerabilidades de XSS en ownCloud 4.5.5, 4.0.10 y versiones anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de l... • http://osvdb.org/89505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2013-0299
https://notcve.org/view.php?id=CVE-2013-0299
14 Mar 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to app... • http://owncloud.org/about/security/advisories/oC-SA-2013-004 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 31EXPL: 0CVE-2013-2040
https://notcve.org/view.php?id=CVE-2013-2040
14 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en ownCloud anterior a 4.0.15, 4.5.x anterior a 4.5.11 y 5.0.x anterior a 5.0.6 permiten a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://owncloud.org/about/security/advisories/oC-SA-2013-021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 31EXPL: 0CVE-2013-2042
https://notcve.org/view.php?id=CVE-2013-2042
14 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php. Múltiples vulnerabilidades de XSS en ownCloud anterior a 4.0.15, 4.5.x anterior a 4.5.11 y 5.0.x anterior a 5.0.6 permiten a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través del ... • http://owncloud.org/about/security/advisories/oC-SA-2013-021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2013-2043
https://notcve.org/view.php?id=CVE-2013-2043
14 Mar 2014 — apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter. apps/calendar/ajax/events.php en ownCloud anterior a 4.5.11 y 5.x anterior a 5.0.6 no comprueba debidamente la propiedad de un calendario, lo que permite a usuarios remotos autenticados descargar calendarios arbitrarios a través del parámetro calendar_id. • http://owncloud.org/about/security/advisories/oC-SA-2013-024 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-2044
https://notcve.org/view.php?id=CVE-2013-2044
14 Mar 2014 — Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. Vulnerabilidad de redirección abierta en la página de inicio de sesión (index.php) en ownCloud anterior a 5.0.6 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL en el parámetro redirect_url. • http://owncloud.org/about/security/advisories/oC-SA-2013-022 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-2047
https://notcve.org/view.php?id=CVE-2013-2047
14 Mar 2014 — The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password. La página de inicio de sesión (también conocido como index.php) en ownCloud anterior a 5.0.6 no deshabilita la configuración de autocompletar para el parámetro password, lo que facilita a atacantes físicamente próximos adivinar la contraseña. • http://owncloud.org/about/security/advisories/oC-SA-2013-023 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-2048
https://notcve.org/view.php?id=CVE-2013-2048
14 Mar 2014 — ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands. ownCloud anterior a 5.0.6 no comprueba debidamente permisos, lo que permite a usuarios remotos autenticados ejecutar comandos API arbitrarios a través de vectores no especificados. NOTA: esto puede ser aprovechado mediante el uso de CSRF para permitir a ... • http://owncloud.org/about/security/advisories/oC-SA-2013-025 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-2085
https://notcve.org/view.php?id=CVE-2013-2085
14 Mar 2014 — Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter. Vulnerabilidad de salto de directorio en apps/files_trashbin/index.php en el servidor de ownCloud anterior a 5.0.6 permite a usuarios remotos autenticados acceder a archivos arbitrarios a través de un .. (punto punto) en el parámetro dir. • http://owncloud.org/about/security/advisories/oC-SA-2013-020 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •