1090 matches found
Default credentials
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...
Input validation
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens...
Design/Logic Flaw
Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load...
CVE-2018-16464
A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password...
Default credentials
A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password...
CVE-2018-16467
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...
CVE-2018-16463
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares...
CVE-2018-16466
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens...
CVE-2018-16463
CVE-2018-16463 describes a session-fixation bug in Nextcloud Server, affecting versions prior to 14.0.0, 13.0.3, and 12.0.8, which could allow an attacker to access password-protected shares. Core details provided indicate a vulnerability in Nextcloud Server’s session handling, with the public Ne...
CVE-2018-16467
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...
CVE-2018-16465
Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load...
Nextcloud Server 'JSON Encoder' Security Bypass Vulnerability
Nextcloud Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server 'Autocomplete field' Stored XSS Vulnerability (NC-SA-2018-008)
Nextcloud Server is prone to a stored cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server Security Bypass Vulnerability (Aug 2018)
Nextcloud Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
NextCloud Server Cross-Site Scripting Vulnerability (CNVD-2018-17647)
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. A cross-site scripting vulnerability exists in versions of NextCloud Server prior to 13.0.5, which stems from the...
CVE-2018-3780
A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
Nextcloud Server Authorization Issues Vulnerability
Nextcloud is a client-server software suite for creating network hard disks. An authorization issue vulnerability exists in versions of Nextcloud Server prior to 12.0.3, which can be exploited by an attacker to obtain user credentials and bypass two-factor authentication...
Nextcloud Server Improper Input Validation Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. An input validation vulnerability exists in Nextcloud Server versions prior to 12.0.3 and 11.0.5, which can be exploite...
CVE-2018-3776
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...
CVE-2018-3775
Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication...