35 matches found
Nextcloud: Nextcloud deck sharee search leaks searches to lookupserver by default
So, in short this is related to the other 2 reports https://hackerone.com/reports/1167916 and https://hackerone.com/reports/1167919 While I could not find deck on your h1 page. I kind of assume it is in scope as well as this is something you sell with the 'groupware' subscription...
Nextcloud Server < 14.0.13, < 15.0.9, < 16.0.2 Information Disclosure Vulnerability (NC-SA-2019-016)
Nextcloud Server is prone to an information disclosure vulnerability where User IDs and Nextcloud server are leaked to a Nextcloud Lookup server with disabled settings. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright...
CVE-2019-15623
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...
CVE-2019-15623
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...
CVE-2019-15623
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...
Nextcloud Lookup-Server SQL Injection Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An SQL injection vulnerability exists in Nextcloud Lookup-Server, which can be exploited by an attacker to execute illegal SQL commands...
CVE-2019-5476
An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...
CVE-2019-5476
An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...
Sql injection
An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...
CVE-2019-5476
An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...
CVE-2019-5476
CVE-2019-5476 concerns an SQL injection in the Nextcloud Lookup-Server before version 0.3.0 (lookup.nextcloud.com). The vulnerability allows unauthenticated users to execute arbitrary SQL commands due to improper input handling in the Lookup-Server. Several sources confirm the issue, including Re...
PT-2019-17697 · Nextcloud · Nextcloud Lookup-Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Lookup-Server versions prior to 0.3.0 Description: The issue allows unauthenticated users to execute arbitrary SQL commands due to an SQL Injection. This affects the Nextcloud Lookup-Server running on https://lookup.nextcloud.com...
Nextcloud: Nextcloud domain and name of every user leaked to lookup server
Steps to reproduce: 0. Install and set up Nextcloud, optional: create a few random users 1. Apply the following patch to a standard Nextcloud server: patch diff --git a/settings/BackgroundJobs/VerifyUserData.php b/settings/BackgroundJobs/VerifyUserData.php index 56ebadff9c..76ed8b5ed3 100644 ---...
Nextcloud: Arbitrary SQL command injection
When querying for users on the lookup server any unauthenticated user could perform an SQL Injection...
Переполнение буфера в NIS (hostname lookup)
При ответе сервера не проверяется длина адреса, что позволяет переполнить статический буфер...