OwnCloud


85 total issues disclosed

$2,000 total paid publicly


Most disclosed (19 disclosures) — Cross-site Scripting (XSS) - Generic




Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| File System Monitoring Queue Overflow | Business Logic Errors | ihsinme | Low | 2021-12-03 |
| Possible to steal any protected files on Android | Information Disclosure | shell_c0de | Medium | 2021-11-15 |
| Remote Code Execution through "Files_antivirus" plugin | Code Injection | pabl00nicarres | Medium | 2021-06-21 |
| Password Complexity Not Enforced On Password Change | Violation of Secure Design Principles | wdem | Low | 2018-03-03 |
| Banner Grabbing - Apache Server Version Disclousure | Information Disclosure | cybertiger | No rating | 2017-10-22 |
| owncloud.com open redirect | Open Redirect | niced4y | No rating | 2017-08-14 |
| This is not the security issue. | None supplied | utkarsh123 | No rating | 2017-08-09 |
| HTML Injection in Owncloud | Resource Injection | sinkmanu | Medium | 2017-07-06 |
| doc.owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) | None supplied | js_whitehat | High | 2017-06-01 |
| HTML injection in Desktop Client | Cross-site Scripting (XSS) - Generic | lukasreschke | Low | 2017-05-23 |
| password reset email spamming | Improper Access Control - Generic | xifengweiyu | Low | 2017-05-17 |
| bug reporting template encourages users to paste config file with passwords | Information Disclosure | hanno | Low | 2017-04-21 |
| User Information Disclosure via REST API | Information Disclosure | alykode | Low | 2017-04-19 |
| Stored xss | Cross-site Scripting (XSS) - Generic | twi0x00tter | No rating | 2017-03-30 |
| Outdated Jenkins server hosted at OwnCloud.org | Information Disclosure | ak_1337 | No rating | 2017-03-30 |
| SMB User Authentication Bypass and Persistence | Improper Authentication - Generic | rhinosecuritylabs | No rating | 2016-11-26 |
| Arbitrary Code Injection in ownCloud’s Windows Client | Command Injection - Generic | fbogner | No rating | 2016-11-23 |
| [api.owncloud.org] CRLF Injection | None supplied | bobrov | No rating | 2016-11-02 |
| [doc.owncloud.org] CRLF Injection | None supplied | bobrov | No rating | 2016-11-02 |
| Accessable Htaccess | Information Disclosure | dhanunjaya | No rating | 2016-09-26 |
| ownCloud 2.2.2.6192 DLL Hijacking Vulnerability | Code Injection | lionheartrox | No rating | 2016-08-31 |
| [forum.owncloud.org] IE, Edge XSS via Request-URI | Cross-site Scripting (XSS) - Generic | bobrov | No rating | 2016-08-30 |
| Open Redirector via (apps/files_pdfviewer) for un-authenticated users. | Open Redirect | penrose | No rating | 2016-07-02 |
| doc.owncloud.com: PHP info page disclosure | Information Disclosure | pseekamp | No rating | 2016-05-24 |
| doc.owncloud.org: XSS via Referrer | Cross-site Scripting (XSS) - Generic | sandh0t | No rating | 2016-04-15 |
| Cross site scripting in apps.owncloud.com | Cross-site Scripting (XSS) - Generic | kalihat007 | No rating | 2016-04-12 |
| doc.owncloud.org: X-XSS-Protection not enabled | Cross-site Scripting (XSS) - Generic | nehalh13 | No rating | 2016-04-09 |
| doc.owncloud.org has missing PHP handler | Information Disclosure | cjusten | No rating | 2016-04-04 |
| Exploiting unauthenticated encryption mode | Cryptographic Issues - Generic | hanno | No rating | 2016-04-04 |
| Reflected XSS in owncloud.com | Cross-site Scripting (XSS) - Generic | sergeym | No rating | 2016-04-01 |
| owncloud.com: Parameter pollution in social sharing buttons | Violation of Secure Design Principles | gorang_joshi | No rating | 2016-03-14 |
| owncloud.com: Account Compromise Through CSRF | Cross-Site Request Forgery (CSRF) | architaa | No rating | 2016-03-11 |
| apps.owncloud.com: CSRF change privacy settings | Cross-Site Request Forgery (CSRF) | nait_lamine | No rating | 2016-03-11 |
| CSRF in apps.owncloud.com | Cross-Site Request Forgery (CSRF) | nait_lamine | No rating | 2016-03-10 |
| Lack of HSTS on https://apps.owncloud.com | Cryptographic Issues - Generic | prayas | No rating | 2016-03-10 |
| apps.owncloud.com: Multiple reflected XSS by insecure URL generation (IE only) | Cross-site Scripting (XSS) - Generic | psych0tr1a | No rating | 2016-03-10 |
| DROWN Attack | Cryptographic Issues - Generic | eugui | No rating | 2016-03-03 |
| No Any Kind of Protection on Delete account | Improper Authentication - Generic | gamhody_ | No rating | 2016-03-02 |
| The csrf token remains same after user logs in | Violation of Secure Design Principles | mrsihag | No rating | 2016-02-25 |
| owncloud.com: Persistent XSS In Account Profile | Cross-site Scripting (XSS) - Generic | securitary | No rating | 2016-02-15 |
| otrs.owncloud.com: Reflected Cross-Site Scripting | Cross-site Scripting (XSS) - Generic | arover7 | No rating | 2016-02-10 |
| Self-XSS in mails sent by [email protected] | Violation of Secure Design Principles | dz_samir | No rating | 2016-02-06 |
| Mixed Active Scripting Issue on stats.owncloud.org | Violation of Secure Design Principles | ishahriyar | No rating | 2016-02-06 |
| s2.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability | Cross-site Scripting (XSS) - Generic | ashesh | No rating | 2016-02-05 |
| *.owncloud.com / *.owncloud.org: Using not strong enough SSL ciphers | Violation of Secure Design Principles | c0ldb00t3r | No rating | 2016-02-05 |
| test1.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability | Improper Authentication - Generic | ashesh | No rating | 2016-02-01 |
| s2.owncloud.com: SSL Session cookie without secure flag set | Information Disclosure | ashesh | No rating | 2016-01-28 |
| XXE at host vpn.owncloud.com | Command Injection - Generic | d0znpp | No rating | 2016-01-27 |
| owncloud.help: Text Injection | Violation of Secure Design Principles | geekh | No rating | 2016-01-23 |
| Information Exposure Through Directory Listing | Information Disclosure | erlijnvangenuchten | No rating | 2016-01-14 |
| Full Path Disclosure | Information Disclosure | ishahriyar | No rating | 2016-01-06 |
| Full Path Disclosure | Information Disclosure | ishahriyar | No rating | 2016-01-06 |
| Apache documentation | Information Disclosure | ba4fe4ca95021d367f8a574 | No rating | 2016-01-04 |
| [https://test1.owncloud.com/owncloud6/] Guessable password used for admin user | None supplied | molejarka | No rating | 2016-01-02 |
| apps.owncloud.com: Referer protection Bypassed | Improper Authentication - Generic | herlove | No rating | 2016-01-02 |
| Apache Range Header Denial of Service Attack (Confirmed PoC) | Denial of Service | 1n3 | No rating | 2016-01-01 |
| directory listing in https://demo.owncloud.org/doc/ | Information Disclosure | ba4fe4ca95021d367f8a574 | No rating | 2016-01-01 |
| owncloud.com: Content Sniffing not disabled | Violation of Secure Design Principles | mohammedalsaggaf | No rating | 2015-11-12 |
| RCE in ci.owncloud.com / ci.owncloud.org | Code Injection | tomdev | No rating | 2015-11-09 |
| apps.owncloud.com: Potential XSS | Cross-site Scripting (XSS) - Generic | ala_arfaoui | No rating | 2015-11-04 |
| apps.owncloud.com: Session Cookie in URL can be captured by hackers | Improper Authentication - Generic | ashesh | No rating | 2015-10-31 |
| owncloud.com: WP Super Cache plugin is outdated | Cross-site Scripting (XSS) - Generic | ba4fe4ca95021d367f8a574 | No rating | 2015-10-30 |
| apps.owncloud.com: Stored XSS in profile page | Cross-site Scripting (XSS) - Generic | enderun07 | No rating | 2015-10-11 |
| apps.owncloud.com: XSS via referrer | Cross-site Scripting (XSS) - Generic | psych0tr1a | No rating | 2015-10-11 |
| apps.owncloud.com: Mixed Active Scripting Issue | Information Disclosure | suhas_gaikwad | No rating | 2015-10-11 |
| Webview Vulnerablity [OwnCloudAndroid Application] | Cross-site Scripting (XSS) - Generic | avicoder_ | No rating | 2015-10-11 |
| Config | Violation of Secure Design Principles | paulos_ | No rating | 2015-10-11 |
| owncloud.com: Cross Site Tracing | Cross-site Scripting (XSS) - Generic | psych0tr1a | No rating | 2015-10-11 |
| owncloud.com: DOM Based XSS | Cross-site Scripting (XSS) - Generic | hammadshamsi | No rating | 2015-10-11 |
| owncloud.com: PermError SPF Permanent Error: Too many DNS lookups | Violation of Secure Design Principles | karthic | No rating | 2015-10-11 |
| owncloud.com: Outdated plugins contains public exploits | Violation of Secure Design Principles | dad | No rating | 2015-10-11 |
| demo.owncloud.org: HTTP compression is enabled potentially leading to BREACH attack | Cryptographic Issues - Generic | paresh_parmar | No rating | 2015-10-09 |
| No email verification during registration | Improper Authentication - Generic | ok_ok | No rating | 2015-09-28 |
| [s3.owncloud.com] Web Server HTTP Trace/Track Method Support | Violation of Secure Design Principles | bigbear_ | No rating | 2015-09-28 |
| owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) | Denial of Service | 1n3 | No rating | 2015-09-16 |
| apps.owncloud.com: SSL Session cookie without secure flag set | Improper Authentication - Generic | ashesh | No rating | 2015-09-15 |
| apps.owncloud.com: Path Disclosure | Information Disclosure | ashesh | No rating | 2015-09-11 |
| apps.owncloud.com: SSL Server Allows Anonymous Authentication Vulnerability (SMTP) | Memory Corruption - Generic | ashesh | No rating | 2015-09-11 |
| demo.owncloud.org: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability | Cross-site Scripting (XSS) - Generic | ashesh | No rating | 2015-09-11 |
| owncloud.com: Allowed an attacker to force a user to change profile details. (XCSRF) | Cross-Site Request Forgery (CSRF) | jaysonzabate | No rating | 2015-09-11 |
| gallery_plus: Content Spoofing | Violation of Secure Design Principles | ishahriyar | No rating | 2015-09-11 |
| apps.owncloud.com: Edit Question didn't check ACLs | Privilege Escalation | dz_samir | No rating | 2015-09-11 |
| daily.owncloud.com: Information disclosure | Privilege Escalation | c0ldb00t3r | No rating | 2015-09-11 |
| Password appears in user name field | Violation of Secure Design Principles | shivathegame | No rating | 2015-09-11 |
| apps.owncloud.com: Malicious file upload leads to remote code execution | Code Injection | imadchabounia | No rating | 2015-09-01 |