4992 matches found
Nextcloud: Brute force protection allows to send more requests than intended
Vulnerability description not provided...
Nextcloud: Twitter Account hijack @nextcloudfrance
The Twitter account of Nextcloud France was vulnerable to a Broken Link Hijacking (BLH) attack, which occurs when attackers exploit expired external links on credible websites or web applications. The attackers took over the expired link and claimed the username for testing purposes, redirecting user...
SUSE CVE-2023-25820
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...
Nextcloud Server 24.0.x < 24.0.10, 25.0.x < 25.0.4 Missing Brute Force Protection Vulnerability (GHSA-36g6-wjx2-333x)
Nextcloud Server is prone to a missing brute force protection vulnerability.
CVE-2023-25820
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...
Default credentials
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...
CVE-2023-25820 Nextcloud Server and Enterprise Server missing brute force protection on password confirmation modal
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...
CVE-2023-25820
CVE-2023-25820 affects Nextcloud Server and Enterprise Server: if an attacker gains access to an already logged-in user session, they can brute-force the password on the confirmation endpoint. Affected ranges and patches per sources include Nextcloud Server 24.0.x < 24.0.10 and 25.0.x < 25....
Nextcloud Security Vulnerability
Nextcloud is an open source, self-hosted suite of file synchronization, sharing and communication applications from Nextcloud Germany. A security vulnerability exists in Nextcloud Server that stems from the fact that when an attacker gains access to a logged-in user session, they can...
PT-2023-20326 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.x through 24.0.9; Nextcloud Server versions 25.0.x through 25.0.4; Nextcloud Enterprise Server versions 21.x through 21.0.9.9; Nextcloud Enterprise Server versions 22.x through 22.2.0.9; Nextcloud Enterprise Server...
Nextcloud: No rate limit while adding Additional emails feature
Vulnerability description not provided...
Missing brute force protection on password confirmation modal
None...
Nextcloud: Blind SSRF as normal user from mailapp
Vulnerability description not provided...
Nextcloud: Dos in Form Submission at https://nextcloud.com/instant-trial/
Vulnerability description not provided...
Nextcloud: Users can set up workflows using restricted and invisible system tags
Vulnerability description not provided...
Nextcloud: Responsive Server-side Request Forgery (SSRF)
Vulnerability description not provided...
Nextcloud: Missing brute force protection for passwords of password protected share links
A missing brute force protection vulnerability was found in the password protection feature of shared files, allowing an attacker to bypass the password protection of the shared files due to the lack of rate limit. This could lead to unauthorized access to protected files...
Nextcloud: Reflected XSS vulnerability with full CSP bypass in Nextcloud installations using recommended bundle
A reflected XSS vulnerability with full CSP bypass was discovered in Nextcloud installations using the recommended bundle. The vulnerability allowed attackers to inject malicious code into web pages, which could be executed in the context of the victim's browser session, leading to a trivial...