Shodan
Vulnerabilities
Vulnerable Software
Owncloud:  >> Owncloud Server  >> 5.0.3  Security Vulnerabilities
CVE-2013-2149
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.
CVSS Score
3.5
EPSS Score
0.002
Published
2014-03-14
CVE-2013-2150
Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.
CVSS Score
3.5
EPSS Score
0.002
Published
2014-03-14
CVE-2014-2049
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-03-14
CVE-2013-1939
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character.
CVSS Score
5.0
EPSS Score
0.002
Published
2014-03-14
CVE-2013-1963
The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors.
CVSS Score
4.0
EPSS Score
0.002
Published
2014-03-14
CVE-2013-2045
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.004
Published
2014-03-09
CVE-2013-2046
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.003
Published
2014-03-09
CVE-2013-1967
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2014-02-05
CVE-2013-6403
The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.
CVSS Score
6.8
EPSS Score
0.003
Published
2013-12-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved