Vulnerabilities - Acunetix

Vulnerability Name	CVE CWE	CWE	Severity
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9459)	CVE-2016-9459 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9465)	CVE-2016-9465 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9466)	CVE-2016-9466 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8896)	CVE-2017-8896 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9338)	CVE-2017-9338 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2015-3013)	CVE-2015-3013 CWE-138	CWE-138	Medium
ownCloud Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-44537)	CVE-2021-44537 CWE-138	CWE-138	High
ownCloud Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2015-4718)	CVE-2015-4718 CWE-138	CWE-138	Critical
ownCloud Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2015-7698)	CVE-2015-7698 CWE-138	CWE-138	Critical
ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1893)	CVE-2013-1893 CWE-138	CWE-138	Medium
ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2045)	CVE-2013-2045 CWE-138	CWE-138	Medium
ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2046)	CVE-2013-2046 CWE-138	CWE-138	Medium
ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-23948)	CVE-2023-23948 CWE-138	CWE-138	Medium
ownCloud Improper Privilege Management Vulnerability (CVE-2020-36251)	CVE-2020-36251 CWE-269	CWE-269	Medium
ownCloud Improper Privilege Management Vulnerability (CVE-2021-35946)	CVE-2021-35946 CWE-269	CWE-269	Critical
ownCloud Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-2052)	CVE-2014-2052 CWE-611	CWE-611	Critical
ownCloud Incorrect Authorization Vulnerability (CVE-2021-29659)	CVE-2021-29659 CWE-863	CWE-863	Medium
ownCloud Incorrect Authorization Vulnerability (CVE-2021-35949)	CVE-2021-35949 CWE-863	CWE-863	Medium
ownCloud Other Vulnerability (CVE-2012-4389)	CVE-2012-4389		Medium
ownCloud Other Vulnerability (CVE-2012-5057)	CVE-2012-5057		Medium
ownCloud Other Vulnerability (CVE-2012-5609)	CVE-2012-5609		Medium
ownCloud Other Vulnerability (CVE-2013-1851)	CVE-2013-1851		Low
ownCloud Other Vulnerability (CVE-2013-2089)	CVE-2013-2089		Medium
ownCloud Other Vulnerability (CVE-2014-2053)	CVE-2014-2053		High
ownCloud Other Vulnerability (CVE-2014-2054)	CVE-2014-2054		High
ownCloud Other Vulnerability (CVE-2014-2055)	CVE-2014-2055		High
ownCloud Other Vulnerability (CVE-2014-2056)	CVE-2014-2056		High
ownCloud Other Vulnerability (CVE-2015-5954)	CVE-2015-5954		Medium
ownCloud Other Vulnerability (CVE-2015-6670)	CVE-2015-6670		Medium
ownCloud Other Vulnerability (CVE-2022-25338)	CVE-2022-25338		Medium
ownCloud Other Vulnerability (CVE-2022-25339)	CVE-2022-25339		Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4752)	CVE-2012-4752 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5665)	CVE-2012-5665 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0304)	CVE-2013-0304 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1963)	CVE-2013-1963 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2043)	CVE-2013-2043 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2047)	CVE-2013-2047 CWE-264	CWE-264	Low
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2048)	CVE-2013-2048 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6403)	CVE-2013-6403 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2049)	CVE-2014-2049 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3834)	CVE-2014-3834 CWE-264	CWE-264	High
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3835)	CVE-2014-3835 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3837)	CVE-2014-3837 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3838)	CVE-2014-3838 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3963)	CVE-2014-3963 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9048)	CVE-2014-9048 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5876)	CVE-2016-5876 CWE-264	CWE-264	Medium
OwnCloud phpinfo Information Disclosure (CVE-2023-49103)	CVE-2023-49103 CWE-200	CWE-200	Critical
ownCloud Resource Management Errors Vulnerability (CVE-2015-4717)	CVE-2015-4717		High
ownCloud Resource Management Errors Vulnerability (CVE-2015-6500)	CVE-2015-6500		High
ownCloud Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-10252)	CVE-2020-10252 CWE-918	CWE-918	High
ownCloud Session Fixation Vulnerability (CVE-2021-35948)	CVE-2021-35948 CWE-384	CWE-384	Medium
ownCloud Uncontrolled Resource Consumption Vulnerability (CVE-2017-5867)	CVE-2017-5867 CWE-400	CWE-400	Medium
Padding oracle attack	CWE-209	CWE-209	High
Paperclip gem SSRF (Server side request forgery)	CVE-2017-0889 CWE-918	CWE-918	High
PaperCut NG/MF Path Traversal (CVE-2023-39143)	CVE-2023-39143 CWE-22	CWE-22	Critical
Parallels Plesk SQL injection vulnerability	CVE-2012-1557 CWE-89	CWE-89	High
Parallels Plesk SSO XML External Entity and Cross-site scripting	CWE-611	CWE-611	High
Passive Mixed Content over HTTPS	CWE-284	CWE-284	Low
Password found in server response	CWE-312	CWE-312	Medium
Password transmitted over HTTP	CWE-523	CWE-523	Medium
Path Traversal in Next.js up to 9.3.1	CVE-2020-5284 CWE-22	CWE-22	Medium
Path Traversal in Oracle GlassFish server open source edition	CWE-22	CWE-22	High
Path traversal via misconfigured NGINX alias	CWE-22	CWE-22	High
Payara Files or Directories Accessible to External Parties Vulnerability (CVE-2022-45129)	CVE-2022-45129 CWE-552	CWE-552	High
Payara Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-37422)	CVE-2022-37422 CWE-22	CWE-22	High
Payara Micro File Read (CVE-2021-41381)	CVE-2021-41381 CWE-22	CWE-22	Medium
Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-41699)	CVE-2023-41699 CWE-601	CWE-601	Medium
Pentaho API Auth bypass (CVE-2021-31602)	CVE-2021-31602 CWE-863	CWE-863	High
Perl Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2020-12723)	CVE-2020-12723 CWE-120	CWE-120	High
Perl code injection	CWE-94	CWE-94	Critical
Perl CVE-2016-6185 Vulnerability (CVE-2016-6185)	CVE-2016-6185		High
Perl Improper Certificate Validation Vulnerability (CVE-2023-31484)	CVE-2023-31484 CWE-295	CWE-295	High
Perl Improper Certificate Validation Vulnerability (CVE-2023-31486)	CVE-2023-31486 CWE-295	CWE-295	High
Perl Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-6329)	CVE-2012-6329 CWE-94	CWE-94	High

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9459)

CVE-2016-9459

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9465)

CVE-2016-9465

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9466)

CVE-2016-9466

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8896)

CVE-2017-8896

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9338)

CVE-2017-9338

CWE-707

Medium

ownCloud Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2015-3013)

CVE-2015-3013

CWE-138

Medium

ownCloud Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-44537)

CVE-2021-44537

CWE-138

High

ownCloud Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2015-4718)

CVE-2015-4718

CWE-138

Critical

ownCloud Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2015-7698)

CVE-2015-7698

CWE-138

Critical

ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1893)

CVE-2013-1893

CWE-138

Medium

ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2045)

CVE-2013-2045

CWE-138

Medium

ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2046)

CVE-2013-2046

CWE-138

Medium

ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-23948)

CVE-2023-23948

CWE-138

Medium

ownCloud Improper Privilege Management Vulnerability (CVE-2020-36251)

CVE-2020-36251

CWE-269

Medium

ownCloud Improper Privilege Management Vulnerability (CVE-2021-35946)

CVE-2021-35946

CWE-269

Critical

ownCloud Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-2052)

CVE-2014-2052

CWE-611

Critical

ownCloud Incorrect Authorization Vulnerability (CVE-2021-29659)

CVE-2021-29659

CWE-863

Medium

ownCloud Incorrect Authorization Vulnerability (CVE-2021-35949)

CVE-2021-35949

CWE-863

Medium

ownCloud Other Vulnerability (CVE-2012-4389)

CVE-2012-4389

Medium

ownCloud Other Vulnerability (CVE-2012-5057)

CVE-2012-5057

Medium

ownCloud Other Vulnerability (CVE-2012-5609)

CVE-2012-5609

Medium

ownCloud Other Vulnerability (CVE-2013-1851)

CVE-2013-1851

Low

ownCloud Other Vulnerability (CVE-2013-2089)

CVE-2013-2089

Medium

ownCloud Other Vulnerability (CVE-2014-2053)

CVE-2014-2053

High

ownCloud Other Vulnerability (CVE-2014-2054)

CVE-2014-2054

High

ownCloud Other Vulnerability (CVE-2014-2055)

CVE-2014-2055

High

ownCloud Other Vulnerability (CVE-2014-2056)

CVE-2014-2056

High

ownCloud Other Vulnerability (CVE-2015-5954)

CVE-2015-5954

Medium

ownCloud Other Vulnerability (CVE-2015-6670)

CVE-2015-6670

Medium

ownCloud Other Vulnerability (CVE-2022-25338)

CVE-2022-25338

Medium

ownCloud Other Vulnerability (CVE-2022-25339)

CVE-2022-25339

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4752)

CVE-2012-4752

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5665)

CVE-2012-5665

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0304)

CVE-2013-0304

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1963)

CVE-2013-1963

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2043)

CVE-2013-2043

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2047)

CVE-2013-2047

CWE-264

Low

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2048)

CVE-2013-2048

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6403)

CVE-2013-6403

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2049)

CVE-2014-2049

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3834)

CVE-2014-3834

CWE-264

High

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3835)

CVE-2014-3835

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3837)

CVE-2014-3837

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3838)

CVE-2014-3838

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3963)

CVE-2014-3963

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9048)

CVE-2014-9048

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5876)

CVE-2016-5876

CWE-264

Medium

OwnCloud phpinfo Information Disclosure (CVE-2023-49103)

CVE-2023-49103

CWE-200

Critical

ownCloud Resource Management Errors Vulnerability (CVE-2015-4717)

CVE-2015-4717

High

ownCloud Resource Management Errors Vulnerability (CVE-2015-6500)

CVE-2015-6500

High

ownCloud Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-10252)

CVE-2020-10252

CWE-918

High

ownCloud Session Fixation Vulnerability (CVE-2021-35948)

CVE-2021-35948

CWE-384

Medium

ownCloud Uncontrolled Resource Consumption Vulnerability (CVE-2017-5867)

CVE-2017-5867

CWE-400

Medium

Padding oracle attack

CWE-209

High

Paperclip gem SSRF (Server side request forgery)

CVE-2017-0889

CWE-918

High

PaperCut NG/MF Path Traversal (CVE-2023-39143)

CVE-2023-39143

CWE-22

Critical

Parallels Plesk SQL injection vulnerability

CVE-2012-1557

CWE-89

High

Parallels Plesk SSO XML External Entity and Cross-site scripting

CWE-611

High

Passive Mixed Content over HTTPS

CWE-284

Low

Password found in server response

CWE-312

Medium

Password transmitted over HTTP

CWE-523

Medium

Path Traversal in Next.js up to 9.3.1

CVE-2020-5284

CWE-22

Medium

Path Traversal in Oracle GlassFish server open source edition

CWE-22

High

Path traversal via misconfigured NGINX alias

CWE-22

High

Payara Files or Directories Accessible to External Parties Vulnerability (CVE-2022-45129)

CVE-2022-45129

CWE-552

High

Payara Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-37422)

CVE-2022-37422

CWE-22

High

Payara Micro File Read (CVE-2021-41381)

CVE-2021-41381

CWE-22

Medium

Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-41699)

CVE-2023-41699

CWE-601

Medium

Pentaho API Auth bypass (CVE-2021-31602)

CVE-2021-31602

CWE-863

High

Perl Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2020-12723)

CVE-2020-12723

CWE-120

High

Perl code injection

CWE-94

Critical

Perl CVE-2016-6185 Vulnerability (CVE-2016-6185)

CVE-2016-6185

High

Perl Improper Certificate Validation Vulnerability (CVE-2023-31484)

CVE-2023-31484

CWE-295

High

Perl Improper Certificate Validation Vulnerability (CVE-2023-31486)

CVE-2023-31486

CWE-295

High

Perl Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-6329)

CVE-2012-6329

CWE-94

High

Standard & Premium

Severity

Vulnerability Categories

Still Have Questions?

Take action and discover your vulnerabilities