Owncloud Server
Approved changes feed: RSS · Atom
cpe:2.3:a:owncloud:owncloud_server:7.0.0:*:*:*:*:*:*:*
part: a version: 7.0.0 update: *
| Vendor | Owncloud (7adb7c81-0e09-5084-ad84-9888a985e435) |
|---|---|
| Product | Owncloud Server (2291c676-bc20-574c-a431-505f3752afb3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2015-7699 |
vulnerable | 2026-06-03 14:35:09.691120 |
Details available
The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."
Published: 2015-10-26T15:00:00.000Z
Updated: 2024-08-06T07:58:59.973Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-6670 |
vulnerable | 2026-06-03 14:35:02.682324 |
Details available
ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.
Published: 2015-10-26T14:00:00.000Z
Updated: 2024-08-06T07:29:24.456Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-6500 |
vulnerable | 2026-06-03 14:35:02.345422 |
Details available
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.
Published: 2015-10-26T14:00:00.000Z
Updated: 2024-08-06T07:22:22.224Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-5954 |
vulnerable | 2026-06-03 14:35:00.757592 |
Details available
The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder.
Published: 2015-10-21T18:00:00.000Z
Updated: 2024-08-06T07:06:35.142Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-4718 |
vulnerable | 2026-06-03 14:34:52.518424 |
Details available
The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.
Published: 2015-10-21T18:00:00.000Z
Updated: 2024-08-06T06:25:21.450Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-4717 |
vulnerable | 2026-06-03 14:34:52.514934 |
Details available
The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names.
Published: 2015-10-21T18:00:00.000Z
Updated: 2024-08-06T06:25:21.446Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9049 |
vulnerable | 2026-06-03 14:34:25.837589 |
Details available
The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.
Published: 2015-02-04T18:00:00.000Z
Updated: 2024-08-06T13:33:13.568Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9048 |
vulnerable | 2026-06-03 14:34:25.836990 |
Details available
The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API.
Published: 2015-02-04T18:00:00.000Z
Updated: 2024-08-06T13:33:13.629Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9047 |
vulnerable | 2026-06-03 14:34:25.835696 |
Details available
Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read arbitrary files via unknown vectors.
Published: 2015-02-04T18:00:00.000Z
Updated: 2024-08-06T13:33:13.517Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9046 |
vulnerable | 2026-06-03 14:34:25.834437 |
Details available
The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol.
Published: 2015-02-04T18:00:00.000Z
Updated: 2024-08-06T13:33:13.561Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9044 |
vulnerable | 2026-06-03 14:34:25.831893 |
Details available
Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack.
Published: 2015-02-04T18:00:00.000Z
Updated: 2024-08-06T13:33:13.429Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9043 |
vulnerable | 2026-06-03 14:34:25.831537 |
Details available
The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.
Published: 2015-02-04T18:00:00.000Z
Updated: 2024-08-06T13:33:13.536Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9042 |
vulnerable | 2026-06-03 14:34:25.830185 |
Details available
Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.
Published: 2015-02-04T18:00:00.000Z
Updated: 2024-08-06T13:33:13.365Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9041 |
vulnerable | 2026-06-03 14:34:25.827406 |
Details available
The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.
Published: 2015-02-04T18:00:00.000Z
Updated: 2024-08-06T13:33:13.343Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.