Page 9 of 160 results (0.016 seconds)

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

CVE-2013-0302

https://notcve.org/view.php?id=CVE-2013-0302

05 Jun 2014 — Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK. Vulnerabilidad no especificada en ownCloud Server anterior a 4.0.12 permite a atacantes remotos obtener información sensible a través de vectores no especificados relacionados con 'inclusión del suite de prue... • http://owncloud.org/about/security/advisories/oC-SA-2013-005 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2014-3834

https://notcve.org/view.php?id=CVE-2014-3834

04 Jun 2014 — ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors. ownCloud Server anterior a 6.0.3 no comprueba debidamente permisos, lo que permite a usuarios remotos autenticados (1) acceder a los contactos de otros usuarios a través del libro de direcciones o (2) renombrar archivos a través de vectores no especificados. • http://owncloud.org/about/security/advisories/oc-sa-2014-011 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0

CVE-2014-3835

https://notcve.org/view.php?id=CVE-2014-3835

04 Jun 2014 — ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors. ownCloud Server anterior a 5.0.16 y 6.0.x anterior a 6.0.3 no comprueba permisos a la aplicación files_external, lo que permite a usuarios remotos autenticados añadir almacenaje externo a través de vectores no especificados. • http://owncloud.org/about/security/advisories/oc-sa-2014-012 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.1EPSS: 0%CPEs: 20EXPL: 0

CVE-2014-2054 – Advanced Contact form 7 DB <= 2.0.8 & Import any XML, CSV or Excel File to WordPress <= 3.8.0 - Use of Vulnerable Component (PHPExcel)

https://notcve.org/view.php?id=CVE-2014-2054

04 Jun 2014 — PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. PHPExcel anterior a 1.8.0, utilizado en ownCloud Server anterior a 5.0.15 y 6.0.x anterior a 6.0.2, no deshabilita la carga de entidades externas en libxml, lo que permite a atacantes remotos leer archivos arbitrarios, ... • http://owncloud.org/about/security/advisories/oC-SA-2014-006 • CWE-1395: Dependency on Vulnerable Third-Party Component •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-3963

https://notcve.org/view.php?id=CVE-2014-3963

04 Jun 2014 — ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors. ownCloud Server anterior a 6.0.1 no comprueba debidamente permisos, lo que permite a usuarios remotos autenticados acceder a vistas preliminares de imágenes a través de vectores no especificados. • http://owncloud.org/about/security/advisories/oC-SA-2014-009 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 80EXPL: 0

CVE-2014-2055

https://notcve.org/view.php?id=CVE-2014-2055

04 Jun 2014 — SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. SabreDAV anterior a 1.7.11, utilizado en ownCloud Server anterior a 5.0.15 y 6.0.x anterior a 6.0.2, permite a atacantes remotos leer archivos arbitrarios, causar una denegación de servicio o posiblemente tener otro impacto a través de un ataque de entidad externa XML (XXE). • http://owncloud.org/about/security/advisories/oC-SA-2014-006 •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2014-3832

https://notcve.org/view.php?id=CVE-2014-3832

04 Jun 2014 — Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function. Vulnerabilidad de XSS en el componente Documents en ownCloud Server 6.0.x anterior a 6.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, posiblemente relacionado con la función print_unescaped... • http://owncloud.org/about/security/advisories/oc-sa-2014-010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

CVE-2012-5057

https://notcve.org/view.php?id=CVE-2012-5057

04 Jun 2014 — CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. Vulnerabilidad de inyección CRLF en ownCloud Server anterior a 4.0.8 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de división de respuestas HTTP a través del parámetro url path. • http://owncloud.org/about/security/advisories/CVE-2012-5057 •

CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0

CVE-2014-3833

https://notcve.org/view.php?id=CVE-2014-3833

04 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function. Múltiples vulnerabilidades de XSS en los componentes (1) Gallery y (2) Core en ownCloud Server anterior a 5.016 y 6.0.x anterior a 6.0.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a tr... • http://owncloud.org/about/security/advisories/oc-sa-2014-010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 2%CPEs: 34EXPL: 0

CVE-2014-2053 – WordPress Core <= 3.9.1 - XML External Entity (XXE) Weakness

https://notcve.org/view.php?id=CVE-2014-2053

04 Jun 2014 — getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. getID3() anterior a 1.9.8, utilizado en ownCloud Server anterior a 5.0.15 y 6.0.x anterior a 6.0.2, permite a atacantes remotos leer archivos arbitrarios, causar una denegación de servicio o posiblemente tener otro impacto a través de un ataque de entidad externa XML (XXE). • http://getid3.sourceforge.net/source/changelog.txt • CWE-611: Improper Restriction of XML External Entity Reference •