CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 0CVE-2014-2585
https://notcve.org/view.php?id=CVE-2014-2585
23 Mar 2014 — ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration. ownCloud anterior a 5.0.15 y 6.x anterior a 6.0.2, cuando la aplicación file_external está habilitada, permite a usuarios remotos autenticados montar el sistema de archivos local en el ownCloud del usuario a través de la configuración mount. • http://owncloud.org/about/security/advisories/oC-SA-2014-008 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 14%CPEs: 18EXPL: 1CVE-2013-0303
https://notcve.org/view.php?id=CVE-2013-0303
23 Mar 2014 — Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered by CVE-2013-7344. Vulnerabilidad no especificada en core/ajax/translations.php en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.6 permite a usuarios remotos autenticados ejecutar código PHP arbitrario a través d... • https://github.com/CiscoCXSecurity/ownCloud_RCE_CVE-2013-0303 •
CVSS: 6.1EPSS: 0%CPEs: 53EXPL: 0CVE-2014-2057
https://notcve.org/view.php?id=CVE-2014-2057
23 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en ownCloud anterior a 6.0.2 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://owncloud.org/about/security/advisories/oC-SA-2014-007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2013-7344
https://notcve.org/view.php?id=CVE-2013-7344
23 Mar 2014 — Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions. Vulnerabilidad no especificada en core/settings.php en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.6 permite a usuarios remotos autenticados ejecutar código PHP arbitrario a través de vectores desconocidos. NOTA: este problema fue separado de ... • http://owncloud.org/about/security/advisories/oC-SA-2013-006 •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 2CVE-2013-0201
https://notcve.org/view.php?id=CVE-2013-0201
18 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php. Múltiples vulnerabilidades de XSS en ownCloud 4.5.5, 4.0.10 y versiones anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de l... • http://osvdb.org/89505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2013-0299
https://notcve.org/view.php?id=CVE-2013-0299
14 Mar 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to app... • http://owncloud.org/about/security/advisories/oC-SA-2013-004 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-0300
https://notcve.org/view.php?id=CVE-2013-0300
14 Mar 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webdavauth/setti... • http://owncloud.org/about/security/advisories/oC-SA-2013-004 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2013-0301
https://notcve.org/view.php?id=CVE-2013-0301
14 Mar 2014 — Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter. Vulnerabilidad de CSRF en apps/calendar/ajax/settings/settimezone en ownCloud anterior a 4.0.12 permite a atacantes remotos secuestrar la autenticación de usuarios para solicitudes que cambian la zona horaria a través del parámetro timezone. • http://owncloud.org/about/security/advisories/oC-SA-2013-004 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 31EXPL: 0CVE-2013-2040
https://notcve.org/view.php?id=CVE-2013-2040
14 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en ownCloud anterior a 4.0.15, 4.5.x anterior a 4.5.11 y 5.0.x anterior a 5.0.6 permiten a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://owncloud.org/about/security/advisories/oC-SA-2013-021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2013-2041
https://notcve.org/view.php?id=CVE-2013-2041
14 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js. Múltiples vulnerabilidades de XSS en ownCloud 5.0.x anterior a 5.0.6 permiten a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de (1) el parámetro tag hacia apps/boo... • http://owncloud.org/about/security/advisories/oC-SA-2013-021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •