TOPOWNCLOUD.md

Top reports from ownCloud program at HackerOne:

  1. Possible to steal any protected files on Android to ownCloud - 111 upvotes, $750
  2. Banner Grabbing - Apache Server Version Disclousure to ownCloud - 19 upvotes, $0
  3. Arbitrary Code Injection in ownCloud’s Windows Client to ownCloud - 16 upvotes, $100
  4. Remote Code Execution through Deserialization Attack in OwnBackup app. to ownCloud - 15 upvotes, $0
  5. Remote Code Execution through "Files_antivirus" plugin to ownCloud - 14 upvotes, $0
  6. GitHub Security Lab (GHSL) Vulnerability Report: Insufficient path validation in ReceiveExternalFilesActivity.java (GHSL-2022-060) to ownCloud - 11 upvotes, $50
  7. Theft of protected files on Android to ownCloud - 10 upvotes, $50
  8. Protocol Smuggling over LDAP password field to ownCloud - 9 upvotes, $50
  9. Password Complexity Not Enforced On Password Change to ownCloud - 9 upvotes, $0
  10. SMB User Authentication Bypass and Persistence to ownCloud - 8 upvotes, $150
  11. RCE in ci.owncloud.com / ci.owncloud.org to ownCloud - 8 upvotes, $0
  12. User Information Disclosure via REST API to ownCloud - 7 upvotes, $0
  13. HTML Injection in Owncloud to ownCloud - 6 upvotes, $150
  14. Accessable Htaccess to ownCloud - 6 upvotes, $0
  15. [api.owncloud.org] CRLF Injection to ownCloud - 6 upvotes, $0
  16. Outdated Jenkins server hosted at OwnCloud.org to ownCloud - 6 upvotes, $0
  17. Open Redirector via (apps/files_pdfviewer) for un-authenticated users. to ownCloud - 5 upvotes, $150
  18. ownCloud 2.2.2.6192 DLL Hijacking Vulnerability to ownCloud - 5 upvotes, $50
  19. apps.owncloud.com: Malicious file upload leads to remote code execution to ownCloud - 5 upvotes, $0
  20. HTML injection in Desktop Client to ownCloud - 5 upvotes, $0
  21. Exploiting unauthenticated encryption mode to ownCloud - 4 upvotes, $350
  22. [doc.owncloud.org] CRLF Injection to ownCloud - 4 upvotes, $0
  23. Stored xss to ownCloud - 4 upvotes, $0
  24. apps.owncloud.com: XSS via referrer to ownCloud - 3 upvotes, $0
  25. owncloud.com: Parameter pollution in social sharing buttons to ownCloud - 3 upvotes, $0
  26. Reflected XSS in owncloud.com to ownCloud - 3 upvotes, $0
  27. Cross site scripting in apps.owncloud.com to ownCloud - 3 upvotes, $0
  28. doc.owncloud.org: XSS via Referrer to ownCloud - 3 upvotes, $0
  29. bug reporting template encourages users to paste config file with passwords to ownCloud - 3 upvotes, $0
  30. doc.owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) to ownCloud - 3 upvotes, $0
  31. Password appears in user name field to ownCloud - 2 upvotes, $0
  32. apps.owncloud.com: SSL Server Allows Anonymous Authentication Vulnerability (SMTP) to ownCloud - 2 upvotes, $0
  33. Webview Vulnerablity [OwnCloudAndroid Application] to ownCloud - 2 upvotes, $0
  34. owncloud.com: Content Sniffing not disabled to ownCloud - 2 upvotes, $0
  35. XXE at host vpn.owncloud.com to ownCloud - 2 upvotes, $0
  36. Lack of HSTS on https://apps.owncloud.com to ownCloud - 2 upvotes, $0
  37. CSRF in apps.owncloud.com to ownCloud - 2 upvotes, $0
  38. [forum.owncloud.org] IE, Edge XSS via Request-URI to ownCloud - 2 upvotes, $0
  39. password reset email spamming to ownCloud - 2 upvotes, $0
  40. owncloud.com open redirect to ownCloud - 2 upvotes, $0
  41. Information Exposure Through Directory Listing to ownCloud - 1 upvotes, $250
  42. Full Path Disclosure to ownCloud - 1 upvotes, $25
  43. apps.owncloud.com: Edit Question didn't check ACLs to ownCloud - 1 upvotes, $0
  44. gallery_plus: Content Spoofing to ownCloud - 1 upvotes, $0
  45. apps.owncloud.com: Path Disclosure to ownCloud - 1 upvotes, $0
  46. [s3.owncloud.com] Web Server HTTP Trace/Track Method Support to ownCloud - 1 upvotes, $0
  47. demo.owncloud.org: HTTP compression is enabled potentially leading to BREACH attack to ownCloud - 1 upvotes, $0
  48. Config to ownCloud - 1 upvotes, $0
  49. apps.owncloud.com: Stored XSS in profile page to ownCloud - 1 upvotes, $0
  50. owncloud.com: Outdated plugins contains public exploits to ownCloud - 1 upvotes, $0
  51. apps.owncloud.com: Session Cookie in URL can be captured by hackers to ownCloud - 1 upvotes, $0
  52. apps.owncloud.com: Potential XSS to ownCloud - 1 upvotes, $0
  53. Apache Range Header Denial of Service Attack (Confirmed PoC) to ownCloud - 1 upvotes, $0
  54. Self-XSS in mails sent by hello@owncloud.com to ownCloud - 1 upvotes, $0
  55. owncloud.com: Persistent XSS In Account Profile to ownCloud - 1 upvotes, $0
  56. owncloud.com: Account Compromise Through CSRF to ownCloud - 1 upvotes, $0
  57. doc.owncloud.org has missing PHP handler to ownCloud - 1 upvotes, $0
  58. doc.owncloud.org: X-XSS-Protection not enabled to ownCloud - 1 upvotes, $0
  59. doc.owncloud.com: PHP info page disclosure to ownCloud - 1 upvotes, $0
  60. This is not the security issue. to ownCloud - 1 upvotes, $0
  61. Full Path Disclosure to ownCloud - 0 upvotes, $25
  62. daily.owncloud.com: Information disclosure to ownCloud - 0 upvotes, $0
  63. owncloud.com: Allowed an attacker to force a user to change profile details. (XCSRF) to ownCloud - 0 upvotes, $0
  64. demo.owncloud.org: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability to ownCloud - 0 upvotes, $0
  65. apps.owncloud.com: SSL Session cookie without secure flag set to ownCloud - 0 upvotes, $0
  66. owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) to ownCloud - 0 upvotes, $0
  67. No email verification during registration to ownCloud - 0 upvotes, $0
  68. apps.owncloud.com: Mixed Active Scripting Issue to ownCloud - 0 upvotes, $0
  69. owncloud.com: PermError SPF Permanent Error: Too many DNS lookups to ownCloud - 0 upvotes, $0
  70. owncloud.com: DOM Based XSS to ownCloud - 0 upvotes, $0
  71. owncloud.com: Cross Site Tracing to ownCloud - 0 upvotes, $0
  72. owncloud.com: WP Super Cache plugin is outdated to ownCloud - 0 upvotes, $0
  73. directory listing in https://demo.owncloud.org/doc/ to ownCloud - 0 upvotes, $0
  74. apps.owncloud.com: Referer protection Bypassed to ownCloud - 0 upvotes, $0
  75. [https://test1.owncloud.com/owncloud6/] Guessable password used for admin user to ownCloud - 0 upvotes, $0
  76. Apache documentation to ownCloud - 0 upvotes, $0
  77. owncloud.help: Text Injection to ownCloud - 0 upvotes, $0
  78. s2.owncloud.com: SSL Session cookie without secure flag set to ownCloud - 0 upvotes, $0
  79. test1.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability to ownCloud - 0 upvotes, $0
  80. *.owncloud.com / *.owncloud.org: Using not strong enough SSL ciphers to ownCloud - 0 upvotes, $0
  81. s2.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability to ownCloud - 0 upvotes, $0
  82. Mixed Active Scripting Issue on stats.owncloud.org to ownCloud - 0 upvotes, $0
  83. otrs.owncloud.com: Reflected Cross-Site Scripting to ownCloud - 0 upvotes, $0
  84. The csrf token remains same after user logs in to ownCloud - 0 upvotes, $0
  85. No Any Kind of Protection on Delete account to ownCloud - 0 upvotes, $0
  86. DROWN Attack to ownCloud - 0 upvotes, $0
  87. apps.owncloud.com: Multiple reflected XSS by insecure URL generation (IE only) to ownCloud - 0 upvotes, $0
  88. apps.owncloud.com: CSRF change privacy settings to ownCloud - 0 upvotes, $0
  89. File System Monitoring Queue Overflow to ownCloud - 0 upvotes, $0