
CVE-2013-1893
https://notcve.org/view.php?id=CVE-2013-1893
07 Mar 2014 — SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application. • http://owncloud.org/about/security/advisories/oC-SA-2013-012 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2013-2046
https://notcve.org/view.php?id=CVE-2013-2046
07 Mar 2014 — SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. • http://osvdb.org/93383 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-2044 – ownCloud 4.0.x/4.5.x - 'upload.php?Filename' Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-2044
06 Mar 2014 — Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program. • https://packetstorm.news/files/id/125585 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2014-1665 – ownCloud 6.0.0a - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-1665
06 Feb 2014 — Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. ownCloud version 6.0.0a suffers from file deletion, cross site request forgery, and cross site scripting vulner... • https://packetstorm.news/files/id/125086 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-1967
https://notcve.org/view.php?id=CVE-2013-1967
05 Feb 2014 — Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter. • http://owncloud.org/about/security/advisories/oC-SA-2013-017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6403 – Mandriva Linux Security Advisory 2013-289
https://notcve.org/view.php?id=CVE-2013-6403
19 Dec 2013 — The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB. Possible security bypass on admin page under certain circumstances and MariaDB. The owncloud package has been updated to version 5.0.13, fixing this and many other ... • http://owncloud.org/changelog • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-1942 – jPlayer - 'Jplayer.swf' Script Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-1942
15 Aug 2013 — Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023. • https://www.exploit-db.com/exploits/38460 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2149 – Mandriva Linux Security Advisory 2013-175
https://notcve.org/view.php?id=CVE-2013-2149
18 Jun 2013 — Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files. Cross-site scripting vulnerabilities in js/viewer.js inside the files_videovi... • http://owncloud.org/about/security/advisories/oC-SA-2013-028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2150 – Mandriva Linux Security Advisory 2013-175
https://notcve.org/view.php?id=CVE-2013-2150
18 Jun 2013 — Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files. Cross-site scripting vulnerabilities in js/viewer.js inside the fil... • http://owncloud.org/about/security/advisories/oC-SA-2013-028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')