File System Monitoring Queue Overflow | Business Logic Errors | ihsinme | Low | 2021-12-03 |
Possible to steal any protected files on Android | Information Disclosure | shell_c0de | Medium | 2021-11-15 |
Remote Code Execution through "Files_antivirus" plugin | Code Injection | pabl00nicarres | Medium | 2021-06-21 |
Password Complexity Not Enforced On Password Change | Violation of Secure Design Principles | wdem | Low | 2018-03-03 |
Banner Grabbing - Apache Server Version Disclousure | Information Disclosure | cybertiger | No rating | 2017-10-22 |
owncloud.com open redirect | Open Redirect | niced4y | No rating | 2017-08-14 |
This is not the security issue. | None supplied | utkarsh123 | No rating | 2017-08-09 |
HTML Injection in Owncloud | Resource Injection | sinkmanu | Medium | 2017-07-06 |
doc.owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) | None supplied | js_whitehat | High | 2017-06-01 |
HTML injection in Desktop Client | Cross-site Scripting (XSS) - Generic | lukasreschke | Low | 2017-05-23 |
password reset email spamming | Improper Access Control - Generic | xifengweiyu | Low | 2017-05-17 |
bug reporting template encourages users to paste config file with passwords | Information Disclosure | hanno | Low | 2017-04-21 |
User Information Disclosure via REST API | Information Disclosure | alykode | Low | 2017-04-19 |
Stored xss | Cross-site Scripting (XSS) - Generic | twi0x00tter | No rating | 2017-03-30 |
Outdated Jenkins server hosted at OwnCloud.org | Information Disclosure | ak_1337 | No rating | 2017-03-30 |
SMB User Authentication Bypass and Persistence | Improper Authentication - Generic | rhinosecuritylabs | No rating | 2016-11-26 |
Arbitrary Code Injection in ownCloud’s Windows Client | Command Injection - Generic | fbogner | No rating | 2016-11-23 |
[api.owncloud.org] CRLF Injection | None supplied | bobrov | No rating | 2016-11-02 |
[doc.owncloud.org] CRLF Injection | None supplied | bobrov | No rating | 2016-11-02 |
Accessable Htaccess | Information Disclosure | dhanunjaya | No rating | 2016-09-26 |
ownCloud 2.2.2.6192 DLL Hijacking Vulnerability | Code Injection | lionheartrox | No rating | 2016-08-31 |
[forum.owncloud.org] IE, Edge XSS via Request-URI | Cross-site Scripting (XSS) - Generic | bobrov | No rating | 2016-08-30 |
Open Redirector via (apps/files_pdfviewer) for un-authenticated users. | Open Redirect | penrose | No rating | 2016-07-02 |
doc.owncloud.com: PHP info page disclosure | Information Disclosure | pseekamp | No rating | 2016-05-24 |
doc.owncloud.org: XSS via Referrer | Cross-site Scripting (XSS) - Generic | sandh0t | No rating | 2016-04-15 |
Cross site scripting in apps.owncloud.com | Cross-site Scripting (XSS) - Generic | kalihat007 | No rating | 2016-04-12 |
doc.owncloud.org: X-XSS-Protection not enabled | Cross-site Scripting (XSS) - Generic | nehalh13 | No rating | 2016-04-09 |
doc.owncloud.org has missing PHP handler | Information Disclosure | cjusten | No rating | 2016-04-04 |
Exploiting unauthenticated encryption mode | Cryptographic Issues - Generic | hanno | No rating | 2016-04-04 |
Reflected XSS in owncloud.com | Cross-site Scripting (XSS) - Generic | sergeym | No rating | 2016-04-01 |
owncloud.com: Parameter pollution in social sharing buttons | Violation of Secure Design Principles | gorang_joshi | No rating | 2016-03-14 |
owncloud.com: Account Compromise Through CSRF | Cross-Site Request Forgery (CSRF) | architaa | No rating | 2016-03-11 |
apps.owncloud.com: CSRF change privacy settings | Cross-Site Request Forgery (CSRF) | nait_lamine | No rating | 2016-03-11 |
CSRF in apps.owncloud.com | Cross-Site Request Forgery (CSRF) | nait_lamine | No rating | 2016-03-10 |
Lack of HSTS on https://apps.owncloud.com | Cryptographic Issues - Generic | prayas | No rating | 2016-03-10 |
apps.owncloud.com: Multiple reflected XSS by insecure URL generation (IE only) | Cross-site Scripting (XSS) - Generic | psych0tr1a | No rating | 2016-03-10 |
DROWN Attack | Cryptographic Issues - Generic | eugui | No rating | 2016-03-03 |
No Any Kind of Protection on Delete account | Improper Authentication - Generic | gamhody_ | No rating | 2016-03-02 |
The csrf token remains same after user logs in | Violation of Secure Design Principles | mrsihag | No rating | 2016-02-25 |
owncloud.com: Persistent XSS In Account Profile | Cross-site Scripting (XSS) - Generic | securitary | No rating | 2016-02-15 |
otrs.owncloud.com: Reflected Cross-Site Scripting | Cross-site Scripting (XSS) - Generic | arover7 | No rating | 2016-02-10 |
Self-XSS in mails sent by [email protected] | Violation of Secure Design Principles | dz_samir | No rating | 2016-02-06 |
Mixed Active Scripting Issue on stats.owncloud.org | Violation of Secure Design Principles | ishahriyar | No rating | 2016-02-06 |
s2.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability | Cross-site Scripting (XSS) - Generic | ashesh | No rating | 2016-02-05 |
*.owncloud.com / *.owncloud.org: Using not strong enough SSL ciphers | Violation of Secure Design Principles | c0ldb00t3r | No rating | 2016-02-05 |
test1.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability | Improper Authentication - Generic | ashesh | No rating | 2016-02-01 |
s2.owncloud.com: SSL Session cookie without secure flag set | Information Disclosure | ashesh | No rating | 2016-01-28 |
XXE at host vpn.owncloud.com | Command Injection - Generic | d0znpp | No rating | 2016-01-27 |
owncloud.help: Text Injection | Violation of Secure Design Principles | geekh | No rating | 2016-01-23 |
Information Exposure Through Directory Listing | Information Disclosure | erlijnvangenuchten | No rating | 2016-01-14 |
Full Path Disclosure | Information Disclosure | ishahriyar | No rating | 2016-01-06 |
Full Path Disclosure | Information Disclosure | ishahriyar | No rating | 2016-01-06 |
Apache documentation | Information Disclosure | ba4fe4ca95021d367f8a574 | No rating | 2016-01-04 |
[https://test1.owncloud.com/owncloud6/] Guessable password used for admin user | None supplied | molejarka | No rating | 2016-01-02 |
apps.owncloud.com: Referer protection Bypassed | Improper Authentication - Generic | herlove | No rating | 2016-01-02 |
Apache Range Header Denial of Service Attack (Confirmed PoC) | Denial of Service | 1n3 | No rating | 2016-01-01 |
directory listing in https://demo.owncloud.org/doc/ | Information Disclosure | ba4fe4ca95021d367f8a574 | No rating | 2016-01-01 |
owncloud.com: Content Sniffing not disabled | Violation of Secure Design Principles | mohammedalsaggaf | No rating | 2015-11-12 |
RCE in ci.owncloud.com / ci.owncloud.org | Code Injection | tomdev | No rating | 2015-11-09 |
apps.owncloud.com: Potential XSS | Cross-site Scripting (XSS) - Generic | ala_arfaoui | No rating | 2015-11-04 |
apps.owncloud.com: Session Cookie in URL can be captured by hackers | Improper Authentication - Generic | ashesh | No rating | 2015-10-31 |
owncloud.com: WP Super Cache plugin is outdated | Cross-site Scripting (XSS) - Generic | ba4fe4ca95021d367f8a574 | No rating | 2015-10-30 |
apps.owncloud.com: Stored XSS in profile page | Cross-site Scripting (XSS) - Generic | enderun07 | No rating | 2015-10-11 |
apps.owncloud.com: XSS via referrer | Cross-site Scripting (XSS) - Generic | psych0tr1a | No rating | 2015-10-11 |
apps.owncloud.com: Mixed Active Scripting Issue | Information Disclosure | suhas_gaikwad | No rating | 2015-10-11 |
Webview Vulnerablity [OwnCloudAndroid Application] | Cross-site Scripting (XSS) - Generic | avicoder_ | No rating | 2015-10-11 |
Config | Violation of Secure Design Principles | paulos_ | No rating | 2015-10-11 |
owncloud.com: Cross Site Tracing | Cross-site Scripting (XSS) - Generic | psych0tr1a | No rating | 2015-10-11 |
owncloud.com: DOM Based XSS | Cross-site Scripting (XSS) - Generic | hammadshamsi | No rating | 2015-10-11 |
owncloud.com: PermError SPF Permanent Error: Too many DNS lookups | Violation of Secure Design Principles | karthic | No rating | 2015-10-11 |
owncloud.com: Outdated plugins contains public exploits | Violation of Secure Design Principles | dad | No rating | 2015-10-11 |
demo.owncloud.org: HTTP compression is enabled potentially leading to BREACH attack | Cryptographic Issues - Generic | paresh_parmar | No rating | 2015-10-09 |
No email verification during registration | Improper Authentication - Generic | ok_ok | No rating | 2015-09-28 |
[s3.owncloud.com] Web Server HTTP Trace/Track Method Support | Violation of Secure Design Principles | bigbear_ | No rating | 2015-09-28 |
owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) | Denial of Service | 1n3 | No rating | 2015-09-16 |
apps.owncloud.com: SSL Session cookie without secure flag set | Improper Authentication - Generic | ashesh | No rating | 2015-09-15 |
apps.owncloud.com: Path Disclosure | Information Disclosure | ashesh | No rating | 2015-09-11 |
apps.owncloud.com: SSL Server Allows Anonymous Authentication Vulnerability (SMTP) | Memory Corruption - Generic | ashesh | No rating | 2015-09-11 |
demo.owncloud.org: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability | Cross-site Scripting (XSS) - Generic | ashesh | No rating | 2015-09-11 |
owncloud.com: Allowed an attacker to force a user to change profile details. (XCSRF) | Cross-Site Request Forgery (CSRF) | jaysonzabate | No rating | 2015-09-11 |
gallery_plus: Content Spoofing | Violation of Secure Design Principles | ishahriyar | No rating | 2015-09-11 |
apps.owncloud.com: Edit Question didn't check ACLs | Privilege Escalation | dz_samir | No rating | 2015-09-11 |
daily.owncloud.com: Information disclosure | Privilege Escalation | c0ldb00t3r | No rating | 2015-09-11 |
Password appears in user name field | Violation of Secure Design Principles | shivathegame | No rating | 2015-09-11 |
apps.owncloud.com: Malicious file upload leads to remote code execution | Code Injection | imadchabounia | No rating | 2015-09-01 |