Lucene search
K

35 matches found

Hacker One
Hacker One
added 2021/04/18 8:17 p.m.22 views

Nextcloud: Nextcloud deck sharee search leaks searches to lookupserver by default

So, in short this is related to the other 2 reports https://hackerone.com/reports/1167916 and https://hackerone.com/reports/1167919 While I could not find deck on your h1 page. I kind of assume it is in scope as well as this is something you sell with the 'groupware' subscription...

4.3CVSS6.4AI score0.01368EPSS
Exploits0
OpenVAS
OpenVAS
added 2020/02/05 12:0 a.m.34 views

Nextcloud Server < 14.0.13, < 15.0.9, < 16.0.2 Information Disclosure Vulnerability (NC-SA-2019-016)

Nextcloud Server is prone to an information disclosure vulnerability where User IDs and Nextcloud server are leaked to a Nextcloud Lookup server with disabled settings. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright...

5.3CVSS5.8AI score0.01924EPSS
Exploits1References1
OSV
OSV
added 2020/02/04 8:15 p.m.25 views

CVE-2019-15623

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...

5.3CVSS6.6AI score
Exploits0References4
NVD
NVD
added 2020/02/04 8:15 p.m.28 views

CVE-2019-15623

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...

5.3CVSS6AI score0.01924EPSS
Exploits1References4
Cvelist
Cvelist
added 2020/02/04 7:8 p.m.30 views

CVE-2019-15623

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...

6.3AI score0.01924EPSS
Exploits1References4
CNVD
CNVD
added 2019/08/12 12:0 a.m.4 views

Nextcloud Lookup-Server SQL Injection Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An SQL injection vulnerability exists in Nextcloud Lookup-Server, which can be exploited by an attacker to execute illegal SQL commands...

9.8CVSS8.3AI score0.01788EPSS
Exploits0References1
OSV
OSV
added 2019/08/07 5:15 p.m.17 views

CVE-2019-5476

An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...

9.8CVSS8.4AI score
Exploits0References1
NVD
NVD
added 2019/08/07 5:15 p.m.29 views

CVE-2019-5476

An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...

9.8CVSS9.9AI score0.01788EPSS
Exploits0References1
Prion
Prion
added 2019/08/07 5:15 p.m.28 views

Sql injection

An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...

7.5CVSS9.8AI score0.01788EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/07 4:23 p.m.29 views

CVE-2019-5476

An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...

9.9AI score0.01788EPSS
Exploits0References1
CVE
CVE
added 2019/08/07 4:23 p.m.97 views

CVE-2019-5476

CVE-2019-5476 concerns an SQL injection in the Nextcloud Lookup-Server before version 0.3.0 (lookup.nextcloud.com). The vulnerability allows unauthenticated users to execute arbitrary SQL commands due to improper input handling in the Lookup-Server. Several sources confirm the issue, including Re...

9.8CVSS9.8AI score0.01788EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/08/07 12:0 a.m.5 views

PT-2019-17697 · Nextcloud · Nextcloud Lookup-Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Lookup-Server versions prior to 0.3.0 Description: The issue allows unauthenticated users to execute arbitrary SQL commands due to an SQL Injection. This affects the Nextcloud Lookup-Server running on https://lookup.nextcloud.com...

9.8CVSS10AI score0.01788EPSS
Exploits0References3
Hacker One
Hacker One
added 2019/03/12 3:45 p.m.39 views

Nextcloud: Nextcloud domain and name of every user leaked to lookup server

Steps to reproduce: 0. Install and set up Nextcloud, optional: create a few random users 1. Apply the following patch to a standard Nextcloud server: patch diff --git a/settings/BackgroundJobs/VerifyUserData.php b/settings/BackgroundJobs/VerifyUserData.php index 56ebadff9c..76ed8b5ed3 100644 ---...

5CVSS0.3AI score0.01924EPSS
Exploits1
Hacker One
Hacker One
added 2019/03/12 3:42 p.m.41 views

Nextcloud: Arbitrary SQL command injection

When querying for users on the lookup server any unauthenticated user could perform an SQL Injection...

7.5CVSS4.1AI score0.01788EPSS
Exploits0
securityvulns
securityvulns
added 2000/10/27 12:0 a.m.26 views

Переполнение буфера в NIS &#40;hostname lookup&#41;

При ответе сервера не проверяется длина адреса, что позволяет переполнить статический буфер...

0.2AI score
Exploits0References1Affected Software1
Rows per page
Query Builder