Advisories
ownCloud Server
Open vulnerabilities
Admin can decrypt user files (CVE-2012-5236)
5.0.6
Multiple SQL Injections (oC-SA-2013-019)
Multiple directory traversals (oC-SA-2013-020)
Multiple XSS vulnerabilities (oC-SA-2013-021)
Open redirector (oC-SA-2013-022)
Password autocompletion (oC-SA-2013-023)
Privilege escalation in the calendar application (oC-SA-2013-024)
Privilege escalation and CSRF in the API (oC-SA-2013-025)
Incomplete blacklist vulnerability (oC-SA-2013-026)
CSRF token leakage (oC-SA-2013-027)
5.0.5
XSS vulnerability in MediaElement.js (oC-SA-2013-017)
Privilege escalation in the contacts application (oC-SA-2013-018)
5.0.4
XSS vulnerability in jPlayer (oC-SA-2013-014)
PostgreSQL: Insecure database password generator (oC-SA-2013-015)
Windows: Local file disclosure (oC-SA-2013-016)
5.0.3
Multiple XSS vulnerabilities (oC-SA-2013-011)
contacts: SQL Injection (oC-SA-2013-012)
4.5.11
Multiple SQL Injections (oC-SA-2013-019)
Multiple directory traversals (oC-SA-2013-020)
Multiple XSS vulnerabilities (oC-SA-2013-021)
Privilege escalation in the calendar application (oC-SA-2013-024)
4.5.10
XSS vulnerability in MediaElement.js (oC-SA-2013-017)
Privilege escalation in the contacts application (oC-SA-2013-018)
4.5.9
XSS vulnerability in jPlayer (oC-SA-2013-014)
PostgreSQL: Insecure database password generator (oC-SA-2013-015)
Windows: Local file disclosure (oC-SA-2013-016)
4.5.8
Multiple XSS vulnerabilities (oC-SA-2013-008)
Contacts: Bypass of file blacklist (oC-SA-2013-009)
user_migrate: Local file disclosure (oC-SA-2013-010)
4.5.7
Multiple XSS vulnerabilities (oC-SA-2013-003)
Multiple CSRF vulnerabilities (oC-SA-2013-004)
PHP settings disclosure (oC-SA-2013-005)
Multiple code executions (oC-SA-2013-006)
Privilege escalation in the calendar application (oC-SA-2013-007)
4.5.6
Multiple XSS vulnerabilities (oC-SA-2013-001)
Code execution in external storage (oC-SA-2013-002)
4.5.5
Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-006)
XSS vulnerability in bookmarks (oC-SA-2012-007)
4.5.2
XSS vulnerability in user_webdavauth (oC-SA-2012-003)
Code Execution in /lib/migrate.php (oC-SA-2012-004)
Code Execution in /lib/filesystem.php (oC-SA-2012-005)
4.5.1
Multiple XSS vulnerabilities (oC-SA-2012-001)
Timing attack in the “Lost Password” implementation (oC-SA-2012-002)
4.0.15
Multiple directory traversals (oC-SA-2013-020)
Multiple XSS vulnerabilities (oC-SA-2013-021)
4.0.14
XSS vulnerability in jPlayer (oC-SA-2013-014)
PostgreSQL: Insecure database password generator (oC-SA-2013-015)
Windows: Local file disclosure (oC-SA-2013-016)
4.0.13
Contacts: Bypass of file blacklist (oC-SA-2013-009)
user_migrate: Local file disclosure (oC-SA-2013-010)
4.0.12
Multiple XSS vulnerabilities (oC-SA-2013-003)
Multiple CSRF vulnerabilities (oC-SA-2013-004)
Multiple code executions (oC-SA-2013-006)
4.0.11
Multiple XSS vulnerabilities (oC-SA-2013-001)
4.0.10
Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-006)
XSS vulnerability in bookmarks (oC-SA-2012-007)
4.0.9
Multiple XSS vulnerabilities (oC-SA-2012-001)
Timing attack in the “Lost Password” implementation (oC-SA-2012-002)
Code Execution in /lib/migrate.php (oC-SA-2012-004)
Code Execution in /lib/filesystem.php (oC-SA-2012-005)
4.0.8
Insufficiently Random Values (CVE-2008-4107)
Multiple XSS vulnerabilities (CVE-2012-5056)
HTTP header injection (CVE-2012-5057)
Auth bypass in /lib/base.php (CVE-2012-5336)
4.0.7
Code execution in /lib/migrate.php (CVE-2012-4389)
User enumeration (CVE-2012-4390)
CSRF in appconfig.php (CVE-2012-4391)
Auth bypass in index.php (CVE-2012-4392)
4.0.6
Auth bypass in appconfig.php (CVE-2012-4752)
Several CSRF security fixes (CVE-2012-4393)
4.0.5
Reflected XSS in the file list (CVE-2012-4394)
4.0.3
Reflected XSS (CVE-2012-4395)
4.0.2
Multiple reflected XSS (CVE-2012-4396)
4.0.1
Multiple persistent XSS (CVE-2012-4397)
3.0.4
Multiple reflected XSS in ownCloud 3.0.0 (CVE-2012-2269)
Open redirect vulnerability in index.php (CVE-2012-2270)
Cross-site request forgery (CVE-2012-2397)
Reflected XSS in files/ajax/download.php (CVE-2012-2398)