Shodan
Vulnerabilities
Vulnerable Software
Owncloud:  >> Owncloud  >> 9.1.2  Security Vulnerabilities
CVE-2020-28645
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-02-09
CVE-2020-16255
ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'
CVSS Score
6.1
EPSS Score
0.004
Published
2021-01-15
CVE-2017-8896
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-07-17
CVE-2017-9338
Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-07-17
CVE-2017-9339
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
CVSS Score
5.3
EPSS Score
0.004
Published
2017-07-17
CVE-2017-9340
An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-07-17
CVE-2017-5865
The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.
CVSS Score
3.7
EPSS Score
0.002
Published
2017-03-03
CVE-2017-5866
The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-03-03
CVE-2017-5867
ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-03-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved