1086 matches found
PT-2017-10686 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55 Nextcloud Server versions prior to 10.0.2 Description: The issue allows an adversary with access to a write-only share to enumerate the names of existing files and subfolders by comparing exception...
PT-2017-10688 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55 Nextcloud Server versions prior to 10.0.2 Description: The issue allows an authenticated adversary to bypass quota limitations due to improper sanitization of the OC-Total-Length HTTP header values...
Nextcloud Server and ownCloud Server Content Spoofing Vulnerabilities
ownCloud is a free and open source personal cloud storage solution from German company ownCloud. nextcloud is an open source self-hosted file synchronization and sharing communication application platform. ownCloud Server and Nextcloud Server are both a server version of one of them. A security...
Nextcloud Server and ownCloud Server Content Spoofing Vulnerability (CNVD-2017-04625)
ownCloud is a free and open source personal cloud storage solution from German company ownCloud. nextcloud is an open source self-hosted file synchronization and sharing communication application platform. ownCloud Server and Nextcloud Server are both a server version of one of them. A security...
Nextcloud Server and ownCloud Server Security Bypass Vulnerability
ownCloud is a free and open source personal cloud storage solution from German company ownCloud. nextcloud is an open source self-hosted file synchronization and sharing communication application platform. ownCloud Server and Nextcloud Server are both a server version of one of them. A security...
Nextcloud Server and ownCloud Server Security Bypass Vulnerability (CNVD-2017-05313)
ownCloud is a free and open source personal cloud storage solution from German company ownCloud. nextcloud is an open source self-hosted file synchronization and sharing communication application platform. ownCloud Server and Nextcloud Server are both a server version of one of them. A security...
Nextcloud Server and ownCloud Server Security Bypass Vulnerability (CNVD-2017-05314)
ownCloud is a free and open source personal cloud storage solution from German company ownCloud. nextcloud is an open source self-hosted file synchronization and sharing communication application platform. ownCloud Server and Nextcloud Server are both a server version of one of them. A security...
Nextcloud Server and ownCloud Server Cross-Site Scripting Vulnerabilities
ownCloud is a free and open source personal cloud storage solution from German company ownCloud. nextcloud is an open source self-hosted file synchronization and sharing communication application platform. ownCloud Server and Nextcloud Server are both a server version of one of them. A cross-site...
Nextcloud Server and ownCloud Server Cross-Site Scripting Vulnerabilities
ownCloud is a free and open source personal cloud storage solution from German company ownCloud. nextcloud is an open source self-hosted file synchronization and sharing communication application platform. ownCloud Server and Nextcloud Server are both a server version of one of them. A cross-site...
ownCloud Server and Nextcloud Server Security Bypass Vulnerability
ownCloud is a free and open source personal cloud storage solution from German company ownCloud. nextcloud is an open source self-hosted file synchronization and sharing communication application platform. ownCloud Server and Nextcloud Server are both a server version of one of them. A security...
CVE-2016-9464
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselv...
CVE-2016-9465
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...
Cross site scripting
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...
CVE-2016-9462
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to...
CVE-2016-9461
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to...
CVE-2016-9463
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backen...
CVE-2016-9461
CVE-2016-9461 affects Nextcloud Server before 9.0.52 and ownCloud Server before 9.0.4. The vulnerability stems from improper verification of edit permissions on WebDAV COPY actions, where the WebDAV endpoint did not correctly check permissions during COPY. As a result, an authenticated attacker w...
CVE-2016-9464
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselv...
Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2016-10262)
Nextcloud is a suite of open source self-hosted file synchronization and sharing communication application platform. Nextcloud Server has a cross-site scripting vulnerability in Gallery due to Gallery failing to adequately handle exception messages. An attacker can exploit this vulnerability to...
Nextcloud Server Cross-Site Scripting Vulnerability
Nextcloud is a suite of open source self-hosted file synchronization and sharing communication application platform. Nextcloud Server has a cross-site scripting vulnerability in the CardDAV image output. An attacker can exploit this vulnerability to launch an XSS attack...