An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1…

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and …

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on W…

An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modif…

Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows r…

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF…

getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows …

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suff…

The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.…

ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenti…

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote at…

Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated u…

The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x …

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from …

The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.…

index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote…

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attac…

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop cl…

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access b…

Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows…

Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x bef…

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attac…

icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB command…

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote …

Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and…

PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attacke…

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settin…

SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows…

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.1…

Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud…

appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote a…

Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x bef…

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allo…

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly ch…

The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the adm…

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from …

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote au…

The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access rest…

Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before …

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow re…