TOPOWNCLOUD.md

Top reports from ownCloud program at HackerOne:

  1. Possible to steal any protected files on Android to ownCloud - 111 upvotes, $750
  2. Federated share permissions can be increased by recipient to ownCloud - 25 upvotes, $500
  3. Banner Grabbing - Apache Server Version Disclousure to ownCloud - 19 upvotes, $0
  4. Arbitrary Code Injection in ownCloud’s Windows Client to ownCloud - 16 upvotes, $100
  5. Remote Code Execution through Deserialization Attack in OwnBackup app. to ownCloud - 15 upvotes, $0
  6. Remote Code Execution through "Files_antivirus" plugin to ownCloud - 14 upvotes, $0
  7. GitHub Security Lab (GHSL) Vulnerability Report: Insufficient path validation in ReceiveExternalFilesActivity.java (GHSL-2022-060) to ownCloud - 11 upvotes, $50
  8. Theft of protected files on Android to ownCloud - 10 upvotes, $50
  9. Password Complexity Not Enforced On Password Change to ownCloud - 9 upvotes, $0
  10. Protocol Smuggling over LDAP password field to ownCloud - 9 upvotes, $0
  11. SMB User Authentication Bypass and Persistence to ownCloud - 8 upvotes, $150
  12. RCE in ci.owncloud.com / ci.owncloud.org to ownCloud - 8 upvotes, $0
  13. [api.owncloud.org] CRLF Injection to ownCloud - 7 upvotes, $0
  14. User Information Disclosure via REST API to ownCloud - 7 upvotes, $0
  15. GitHub Security Lab (GHSL) Vulnerability Report: SQLInjection in FileContentProvider.kt (GHSL-2022-059) to ownCloud - 6 upvotes, $300
  16. HTML Injection in Owncloud to ownCloud - 6 upvotes, $150
  17. Accessable Htaccess to ownCloud - 6 upvotes, $0
  18. Outdated Jenkins server hosted at OwnCloud.org to ownCloud - 6 upvotes, $0
  19. Open Redirector via (apps/files_pdfviewer) for un-authenticated users. to ownCloud - 5 upvotes, $150
  20. ownCloud 2.2.2.6192 DLL Hijacking Vulnerability to ownCloud - 5 upvotes, $50
  21. apps.owncloud.com: Malicious file upload leads to remote code execution to ownCloud - 5 upvotes, $0
  22. [doc.owncloud.org] CRLF Injection to ownCloud - 5 upvotes, $0
  23. HTML injection in Desktop Client to ownCloud - 5 upvotes, $0
  24. Remote Code Execution on ownCloud instances with ImageMagick installed to ownCloud - 5 upvotes, $0
  25. Exploiting unauthenticated encryption mode to ownCloud - 4 upvotes, $350
  26. Stored xss to ownCloud - 4 upvotes, $0
  27. apps.owncloud.com: XSS via referrer to ownCloud - 3 upvotes, $0
  28. owncloud.com: Parameter pollution in social sharing buttons to ownCloud - 3 upvotes, $0
  29. Reflected XSS in owncloud.com to ownCloud - 3 upvotes, $0
  30. Cross site scripting in apps.owncloud.com to ownCloud - 3 upvotes, $0
  31. doc.owncloud.org: XSS via Referrer to ownCloud - 3 upvotes, $0
  32. bug reporting template encourages users to paste config file with passwords to ownCloud - 3 upvotes, $0
  33. doc.owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) to ownCloud - 3 upvotes, $0
  34. Password appears in user name field to ownCloud - 2 upvotes, $0
  35. apps.owncloud.com: SSL Server Allows Anonymous Authentication Vulnerability (SMTP) to ownCloud - 2 upvotes, $0
  36. Webview Vulnerablity [OwnCloudAndroid Application] to ownCloud - 2 upvotes, $0
  37. owncloud.com: Content Sniffing not disabled to ownCloud - 2 upvotes, $0
  38. XXE at host vpn.owncloud.com to ownCloud - 2 upvotes, $0
  39. Lack of HSTS on https://apps.owncloud.com to ownCloud - 2 upvotes, $0
  40. CSRF in apps.owncloud.com to ownCloud - 2 upvotes, $0
  41. [forum.owncloud.org] IE, Edge XSS via Request-URI to ownCloud - 2 upvotes, $0
  42. password reset email spamming to ownCloud - 2 upvotes, $0
  43. owncloud.com open redirect to ownCloud - 2 upvotes, $0
  44. Information Exposure Through Directory Listing to ownCloud - 1 upvotes, $250
  45. Full Path Disclosure to ownCloud - 1 upvotes, $25
  46. apps.owncloud.com: Edit Question didn't check ACLs to ownCloud - 1 upvotes, $0
  47. gallery_plus: Content Spoofing to ownCloud - 1 upvotes, $0
  48. apps.owncloud.com: Path Disclosure to ownCloud - 1 upvotes, $0
  49. [s3.owncloud.com] Web Server HTTP Trace/Track Method Support to ownCloud - 1 upvotes, $0
  50. demo.owncloud.org: HTTP compression is enabled potentially leading to BREACH attack to ownCloud - 1 upvotes, $0
  51. Config to ownCloud - 1 upvotes, $0
  52. apps.owncloud.com: Stored XSS in profile page to ownCloud - 1 upvotes, $0
  53. owncloud.com: Outdated plugins contains public exploits to ownCloud - 1 upvotes, $0
  54. apps.owncloud.com: Session Cookie in URL can be captured by hackers to ownCloud - 1 upvotes, $0
  55. apps.owncloud.com: Potential XSS to ownCloud - 1 upvotes, $0
  56. Apache Range Header Denial of Service Attack (Confirmed PoC) to ownCloud - 1 upvotes, $0
  57. Self-XSS in mails sent by hello@owncloud.com to ownCloud - 1 upvotes, $0
  58. owncloud.com: Persistent XSS In Account Profile to ownCloud - 1 upvotes, $0
  59. owncloud.com: Account Compromise Through CSRF to ownCloud - 1 upvotes, $0
  60. doc.owncloud.org has missing PHP handler to ownCloud - 1 upvotes, $0
  61. doc.owncloud.org: X-XSS-Protection not enabled to ownCloud - 1 upvotes, $0
  62. doc.owncloud.com: PHP info page disclosure to ownCloud - 1 upvotes, $0
  63. This is not the security issue. to ownCloud - 1 upvotes, $0
  64. Full Path Disclosure to ownCloud - 0 upvotes, $25
  65. daily.owncloud.com: Information disclosure to ownCloud - 0 upvotes, $0
  66. owncloud.com: Allowed an attacker to force a user to change profile details. (XCSRF) to ownCloud - 0 upvotes, $0
  67. demo.owncloud.org: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability to ownCloud - 0 upvotes, $0
  68. apps.owncloud.com: SSL Session cookie without secure flag set to ownCloud - 0 upvotes, $0
  69. owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) to ownCloud - 0 upvotes, $0
  70. No email verification during registration to ownCloud - 0 upvotes, $0
  71. apps.owncloud.com: Mixed Active Scripting Issue to ownCloud - 0 upvotes, $0
  72. owncloud.com: PermError SPF Permanent Error: Too many DNS lookups to ownCloud - 0 upvotes, $0
  73. owncloud.com: DOM Based XSS to ownCloud - 0 upvotes, $0
  74. owncloud.com: Cross Site Tracing to ownCloud - 0 upvotes, $0
  75. owncloud.com: WP Super Cache plugin is outdated to ownCloud - 0 upvotes, $0
  76. directory listing in https://demo.owncloud.org/doc/ to ownCloud - 0 upvotes, $0
  77. apps.owncloud.com: Referer protection Bypassed to ownCloud - 0 upvotes, $0
  78. [https://test1.owncloud.com/owncloud6/] Guessable password used for admin user to ownCloud - 0 upvotes, $0
  79. Apache documentation to ownCloud - 0 upvotes, $0
  80. owncloud.help: Text Injection to ownCloud - 0 upvotes, $0
  81. s2.owncloud.com: SSL Session cookie without secure flag set to ownCloud - 0 upvotes, $0
  82. test1.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability to ownCloud - 0 upvotes, $0
  83. *.owncloud.com / *.owncloud.org: Using not strong enough SSL ciphers to ownCloud - 0 upvotes, $0
  84. s2.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability to ownCloud - 0 upvotes, $0
  85. Mixed Active Scripting Issue on stats.owncloud.org to ownCloud - 0 upvotes, $0
  86. otrs.owncloud.com: Reflected Cross-Site Scripting to ownCloud - 0 upvotes, $0
  87. The csrf token remains same after user logs in to ownCloud - 0 upvotes, $0
  88. No Any Kind of Protection on Delete account to ownCloud - 0 upvotes, $0
  89. DROWN Attack to ownCloud - 0 upvotes, $0
  90. apps.owncloud.com: Multiple reflected XSS by insecure URL generation (IE only) to ownCloud - 0 upvotes, $0
  91. apps.owncloud.com: CSRF change privacy settings to ownCloud - 0 upvotes, $0
  92. File System Monitoring Queue Overflow to ownCloud - 0 upvotes, $0