Owncloud: >> Owncloud Server >> 6.0.0a Security Vulnerabilities
Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
CVSS Score
9.8
EPSS Score
0.01
Published
2020-02-11
Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-01-23
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file.
CVSS Score
6.0
EPSS Score
0.002
Published
2015-05-08