Owncloud

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-4391 1Owncloud 2Owncloud Owncloud Server Apr 29, 2026 Sep 5, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations.
CVE-2012-4390 1Owncloud 2Owncloud Owncloud Server Apr 29, 2026 Sep 5, 2012 N/A· v4 N/A· v3 4.0 MEDIUM· v2 (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
CVE-2012-4389 1Owncloud 2Owncloud Owncloud Server Apr 29, 2026 Sep 5, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP f...Show more Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.Show less
CVE-2012-2398 1Owncloud 2Owncloud Owncloud Server Apr 29, 2026 Apr 20, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012...Show more Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4.Show less
CVE-2012-2397 1Owncloud 2Owncloud Owncloud Server Apr 29, 2026 Apr 20, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors i...Show more Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts.Show less
CVE-2012-2270 1Owncloud 2Owncloud Owncloud Server Apr 29, 2026 Apr 20, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter...Show more Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.Show less
CVE-2012-2269 1Owncloud 2Owncloud Owncloud Server Apr 29, 2026 Apr 20, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter p...Show more Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php.Show less

Previous 1...5 6 7 89