PT-2017-10695 · Nextcloud · Nextcloud Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 11.0.3 Description: The issue is related to a logical error that leads to the disclosure of valid share tokens for public calendars. This could potentially allow an attacker to access publicly shared calenda...

Nextcloud Denial of Service Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. A denial of service vulnerability exists in Nextcloud Server versions prior to 9.0.55 and prior to 10.0.2. An attacker...

Nextcloud Quota Limit Bypass Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. A security vulnerability exists in Nextcloud Server versions prior to 9.0.55 and prior to 10.0.2, which stems from the...

Nextcloud Information Disclosure Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. An information disclosure vulnerability exists in Nextcloud Server versions prior to 9.0.55 and 10.0.2. The vulnerabili...

Nextcloud Unauthorized Folder Creation Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. An out-of-authority folder creation vulnerability exists in Nextcloud Server versions prior to 9.0.55 and prior to...

Nextcloud Server Content Spoofing Vulnerability (CNVD-2017-05596)

Nextcloud is a suite of open source self-hosted file synchronization and sharing communication application platform. A content spoofing vulnerability exists in Nextcloud Server. An attacker could exploit this issue to manipulate and spoof content, which could facilitate further attacks...

Nextcloud Server Multiple Vulnerabilities - Windows

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

Nextcloud Server Multiple Vulnerabilities - Linux

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

Design/Logic Flaw

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...

Code injection

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects...

CVE-2017-0883

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...

CVE-2017-0883

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...

CVE-2017-0883

CVE-2017-0883 affects Nextcloud Server before 9.0.55 and 10.0.2, where a permission escalation in the OCS sharing API allows an authenticated user to reshare items with elevated permissions. The issue enables an attacker to edit files in a share despite having only read access for folders/files t...

CVE-2017-0888

CVE-2017-0888 affects Nextcloud Server versions prior to 9.0.55 and prior to 10.0.2, with a Content-Spoofing vulnerability in the files app. The top navigation bar in the files list contains partially user-controllable input that can misrepresent information. Public sources in the connected recor...

CVE-2017-0883

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...

PT-2017-10687 · Nextcloud · Nextcloud Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55 Nextcloud Server versions prior to 10.0.2 Description: The issue allows an authenticated adversary to trigger an endless recursion in the application, leading to a potential Denial of Service attack d...

PT-2017-10688 · Nextcloud · Nextcloud Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55 Nextcloud Server versions prior to 10.0.2 Description: The issue allows an authenticated adversary to bypass quota limitations due to improper sanitization of the OC-Total-Length HTTP header values...

PT-2017-10686 · Nextcloud · Nextcloud Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55 Nextcloud Server versions prior to 10.0.2 Description: The issue allows an adversary with access to a write-only share to enumerate the names of existing files and subfolders by comparing exception...

Nextcloud Server and ownCloud Server Content Spoofing Vulnerabilities

ownCloud is a free and open source personal cloud storage solution from German company ownCloud. nextcloud is an open source self-hosted file synchronization and sharing communication application platform. ownCloud Server and Nextcloud Server are both a server version of one of them. A security...

Nextcloud Server and ownCloud Server Content Spoofing Vulnerability (CNVD-2017-04625)

ownCloud is a free and open source personal cloud storage solution from German company ownCloud. nextcloud is an open source self-hosted file synchronization and sharing communication application platform. ownCloud Server and Nextcloud Server are both a server version of one of them. A security...