Shodan
Vulnerabilities
Vulnerable Software
Owncloud:  >> Owncloud  Security Vulnerabilities
CVE-2014-3963
ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors.
CVSS Score
4.0
EPSS Score
0.001
Published
2014-06-04
CVE-2014-3833
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-06-04
CVE-2014-3834
ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.003
Published
2014-06-04
CVE-2014-3835
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.003
Published
2014-06-04
CVE-2014-3836
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.001
Published
2014-06-04
CVE-2014-3837
The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors.
CVSS Score
4.0
EPSS Score
0.002
Published
2014-06-04
CVE-2014-3838
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.
CVSS Score
4.0
EPSS Score
0.001
Published
2014-06-04
CVE-2012-5056
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-06-04
CVE-2012-5057
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.
CVSS Score
4.3
EPSS Score
0.002
Published
2014-06-04
CVE-2012-5336
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
CVSS Score
4.0
EPSS Score
0.002
Published
2014-06-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved