4992 matches found
CVE-2023-25160 IDOR Vulnerability in Nextcloud Mail
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access a mailbox by ID, obtaining the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for...
CVE-2023-25160
CVE-2023-25160 (Nextcloud Mail) is an IDOR vulnerability in Nextcloud Mail that lets an attacker access a mailbox by ID, revealing subjects and the first characters of emails. Affected versions are Nextcloud Mail prior to 2.2.1 (Nextcloud 25), 1.14.5 (Nextcloud 22–24), 1.12.9 (Nextcloud 21), and ...
CVE-2023-25159
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and...
Code injection
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and...
CVE-2023-25159 Nextcloud Server previews are accessible without a watermark
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and...
CVE-2023-25159
CVE-2023-25159 affects Nextcloud Server and related components. Technical details from PT Security show the issue resides in OC\Files\Node\Folder::getFullPath(), where improper validation/normalization can allow crafted paths to escape a user’s space, potentially overwriting other users’ data. Affec...
SSRF via filter bypass due to lax checking on IPs
None...
Missing rate limiting on password reset functionality allows sending lots of emails
None...
IDOR Vulnerability in Nextcloud Mail
None...
Previews are accessible without a watermark
None...
Nextcloud security vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Mail, which stems from an attacker being able to access mailboxes by obtaining the subject and first character...
Nextcloud security vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from a lack of rate limiting for the password reset feature, which could be exploited by an...
Nextcloud security vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from the ability to preview without a watermark...
PT-2023-19946 · Nextcloud · Nextcloud Mail
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 2.2.1; Nextcloud Mail versions prior to 1.14.5; Nextcloud Mail versions prior to 1.12.9; Nextcloud Mail versions prior to 1.11.8. Description: Nextcloud Mail is an email app for the Nextcloud home server platform...
Cross-site Scripting (XSS)
nextcloud-desktop is vulnerable to Cross-site Scripting (XSS) attacks. Missing sanitisation of QML labels, which are used for basic HTML elements such as strong, em and headlines in the UI of the desktop client, allows an attacker to inject and execute malicious JavaScript in the victim's browser...
Nextcloud: Blind SSRF in Mail App
Vulnerability description not provided...