ownCloud - HackerOne Reports
Total Reports: 31
Critical: 2
High: 3
Medium: 5
Low: 9
File System Monitoring Queue Overflow
Reported by: ihsinme | Disclosed:
Severity: Low
Weakness: Business Logic Errors
Theft of protected files on Android
Reported by: n00b-cyborg | Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles
Bounty: $50.00
Arbitrary Code Injection in ownCloud’s Windows Client
Reported by: fbogner | Disclosed:
Weakness: Command Injection - Generic
owncloud.com open redirect
Reported by: hehehhehehe | Disclosed:
Weakness: Open Redirect
Protocol Smuggling over LDAP password field
Reported by: pabl00nicarres | Disclosed:
Severity: Low
Weakness: CRLF Injection
bug reporting template encourages users to paste config file with passwords
Reported by: hanno | Disclosed:
Severity: Low
Weakness: Information Disclosure
ownCloud 2.2.2.6192 DLL Hijacking Vulnerability
Reported by: lionheartrox | Disclosed:
Weakness: Code Injection
Bounty: $50.00
[doc.owncloud.org] CRLF Injection
Reported by: bobrov | Disclosed:
[api.owncloud.org] CRLF Injection
Reported by: bobrov | Disclosed:
[forum.owncloud.org] IE, Edge XSS via Request-URI
Reported by: bobrov | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Stored xss
Reported by: twi0x00tter | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
SMB User Authentication Bypass and Persistence
Reported by: rhinosecuritylabs | Disclosed:
Weakness: Improper Authentication - Generic
Authentication Bypass with usage of PreSignedURL
Reported by: kolokokop | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
Bounty: $2000.00
password reset email spamming
Reported by: xifengweiyu | Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic
Remote Code Execution on ownCloud instances with ImageMagick installed
Reported by: lukasreschke | Disclosed:
Severity: Critical
Weakness: Code Injection
Remote Code Execution through Deserialization Attack in OwnBackup app.
Reported by: q3rv0 | Disclosed:
Severity: Critical
Weakness: Deserialization of Untrusted Data
GitHub Security Lab (GHSL) Vulnerability Report: Insufficient path validation in ReceiveExternalFilesActivity.java (GHSL-2022-060)
Reported by: atorralba | Disclosed:
Severity: Low
Weakness: Path Traversal
Bounty: $50.00
GitHub Security Lab (GHSL) Vulnerability Report: SQLInjection in FileContentProvider.kt (GHSL-2022-059)
Reported by: atorralba | Disclosed:
Severity: Medium
Weakness: SQL Injection
Bounty: $300.00
Possible to steal any protected files on Android
Reported by: shell_c0de | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Bounty: $750.00
User Information Disclosure via REST API
Reported by: 4websecurity | Disclosed:
Severity: Low
Weakness: Information Disclosure
Page 1 of 2