VYPR

Server

by OwnCloud

Source repositories

CVEs (109)

  • CVE-2016-1499HigJan 8, 2016
    risk 0.56cvss 8.5epss 0.03

    ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to…

  • CVE-2016-9459MedMar 28, 2017
    risk 0.40cvss 6.1epss 0.01

    Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with…

  • CVE-2016-1498MedJan 8, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a…

  • CVE-2013-0203MedNov 22, 2019
    risk 0.35cvss 5.4epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to…

  • CVE-2016-9468MedMar 28, 2017
    risk 0.35cvss 5.3epss 0.02

    Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of…

  • CVE-2016-9467MedMar 28, 2017
    risk 0.35cvss 5.3epss 0.03

    Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and…

  • CVE-2016-9465MedMar 28, 2017
    risk 0.35cvss 5.4epss 0.01

    Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind…

  • CVE-2016-9460MedMar 28, 2017
    risk 0.35cvss 5.3epss 0.02

    Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use…

  • CVE-2016-9462MedMar 28, 2017
    risk 0.28cvss 4.3epss 0.02

    Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only…

  • CVE-2016-9461MedMar 28, 2017
    risk 0.28cvss 4.3epss 0.02

    Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a…

  • CVE-2016-1501MedJan 8, 2016
    risk 0.28cvss 4.3epss 0.02

    ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages.

  • CVE-2022-43679MedNov 10, 2022
    risk 0.27cvss 4.2epss 0.00

    The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.

  • CVE-2016-1500LowJan 8, 2016
    risk 0.20cvss 3.1epss 0.01

    ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting…

  • CVE-2014-2044Oct 6, 2014
    risk 0.04cvss epss 0.12

    Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS)…

  • CVE-2015-4716Oct 21, 2015
    risk 0.02cvss epss 0.25

    Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.

  • CVE-2015-7699Oct 26, 2015
    risk 0.00cvss epss 0.04

    The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."

  • CVE-2015-6670Oct 26, 2015
    risk 0.00cvss epss 0.01

    ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.

  • CVE-2015-6500Oct 26, 2015
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to…

  • CVE-2015-5954Oct 21, 2015
    risk 0.00cvss epss 0.01

    The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a…

  • CVE-2015-4718Oct 21, 2015
    risk 0.00cvss epss 0.03

    The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.

Page 1 of 6