Public ownCloud bug reports.

Team Bounty Title
ownCloud - owncloud.com open redirect
ownCloud - This is not the security issue.
ownCloud - password reset email spamming
ownCloud - doc.owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)
ownCloud $150 HTML Injection in Owncloud
ownCloud - Outdated Jenkins server hosted at OwnCloud.org
ownCloud - HTML injection in Desktop Client
ownCloud - User Information Disclosure via REST API
ownCloud - bug reporting template encourages users to paste config file with passwords
ownCloud - Stored xss
ownCloud - Accessable Htaccess
ownCloud $100 Arbitrary Code Injection in ownCloud’s Windows Client
ownCloud - [forum.owncloud.org] IE, Edge XSS via Request-URI
ownCloud - [api.owncloud.org] CRLF Injection
ownCloud - [doc.owncloud.org] CRLF Injection
ownCloud $50 ownCloud 2.2.2.6192 DLL Hijacking Vulnerability
ownCloud - SMB User Authentication Bypass and Persistence
ownCloud - doc.owncloud.com: PHP info page disclosure
ownCloud $150 Open Redirector via (apps/files_pdfviewer) for un-authenticated users.
ownCloud - doc.owncloud.org: XSS via Referrer
ownCloud - Cross site scripting in apps.owncloud.com
ownCloud - doc.owncloud.org: X-XSS-Protection not enabled
ownCloud - Reflected XSS in owncloud.com
ownCloud - doc.owncloud.org has missing PHP handler
ownCloud - DROWN Attack
ownCloud - owncloud.com: Persistent XSS In Account Profile
ownCloud - No Any Kind of Protection on Delete account
ownCloud - owncloud.help: Text Injection
ownCloud - The csrf token remains same after user logs in
ownCloud $250 Information Exposure Through Directory Listing
ownCloud - Mixed Active Scripting Issue on stats.owncloud.org
ownCloud - otrs.owncloud.com: Reflected Cross-Site Scripting
ownCloud $350 Exploiting unauthenticated encryption mode
ownCloud - [https://test1.owncloud.com/owncloud6/] Guessable password used for admin user
ownCloud - owncloud.com: Parameter pollution in social sharing buttons
ownCloud - XXE at host vpn.owncloud.com
ownCloud - directory listing in https://demo.owncloud.org/doc/
ownCloud - RCE in ci.owncloud.com / ci.owncloud.org
ownCloud - apps.owncloud.com: Referer protection Bypassed
ownCloud - Self-XSS in mails sent by [email protected]
ownCloud - owncloud.com: WP Super Cache plugin is outdated
ownCloud - No email verification during registration
ownCloud - [s3.owncloud.com] Web Server HTTP Trace/Track Method Support
ownCloud - Apache documentation
ownCloud - owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)
ownCloud - Apache Range Header Denial of Service Attack (Confirmed PoC)
ownCloud - Webview Vulnerablity [OwnCloudAndroid Application]
ownCloud - gallery_plus: Content Spoofing
ownCloud $25 Full Path Disclosure
ownCloud - apps.owncloud.com: Potential XSS
ownCloud - apps.owncloud.com: CSRF change privacy settings
ownCloud - Password appears in user name field
ownCloud - apps.owncloud.com: Mixed Active Scripting Issue
ownCloud - apps.owncloud.com: Edit Question didn't check ACLs
ownCloud $25 Full Path Disclosure
ownCloud - Config
ownCloud - owncloud.com: Outdated plugins contains public exploits
ownCloud - Lack of HSTS on https://apps.owncloud.com
ownCloud - CSRF in apps.owncloud.com
ownCloud - apps.owncloud.com: Malicious file upload leads to remote code execution
ownCloud - owncloud.com: Account Compromise Through CSRF
ownCloud - apps.owncloud.com: Stored XSS in profile page
ownCloud - demo.owncloud.org: HTTP compression is enabled potentially leading to BREACH attack
ownCloud - daily.owncloud.com: Information disclosure
ownCloud - *.owncloud.com / *.owncloud.org: Using not strong enough SSL ciphers
ownCloud - test1.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability
ownCloud - s2.owncloud.com: SSL Session cookie without secure flag set
ownCloud - s2.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability
ownCloud - demo.owncloud.org: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability
ownCloud - apps.owncloud.com: SSL Server Allows Anonymous Authentication Vulnerability (SMTP)
ownCloud - apps.owncloud.com: Path Disclosure
ownCloud - apps.owncloud.com: SSL Session cookie without secure flag set
ownCloud - apps.owncloud.com: Session Cookie in URL can be captured by hackers
ownCloud - owncloud.com: PermError SPF Permanent Error: Too many DNS lookups
ownCloud - apps.owncloud.com: Multiple reflected XSS by insecure URL generation (IE only)
ownCloud - apps.owncloud.com: XSS via referrer
ownCloud - owncloud.com: Cross Site Tracing
ownCloud - owncloud.com: Content Sniffing not disabled
ownCloud - owncloud.com: Allowed an attacker to force a user to change profile details. (XCSRF)
ownCloud - owncloud.com: DOM Based XSS