Design/Logic Flaw
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...
UBUNTU-CVE-2022-41882
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...
Desktop client can be tricked into opening/executing local files when clicking a nc://open/ link
None...
Nextcloud code injection vulnerability
A security vulnerability exists in Nextcloud Desktop Client, an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the fact that its desktop client could be tricked into opening/executing local files when clicking o...
CVE-2022-41882 Nextcloud Desktop vulnerable to code injection via malicious link
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...
CVE-2022-41882 Nextcloud Desktop vulnerable to code injection via malicious link
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...
CVE-2022-41882
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...
CVE-2022-41882
The CVE-2022-41882 entry concerns the Nextcloud Desktop Client. Affected product: Nextcloud Desktop Client prior to version 3.6.1. Root cause: clicking a nc://open/ link for a malicious shared file, when the file is locally synced or the virtual filesystem is enabled, can cause the default editor...
CVE-2022-41882
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...
CVE-2022-41882 Nextcloud Desktop vulnerable to code injection via malicious link
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...
Nextcloud: Reference caching can leak data to unauthorized users
A vulnerability existed in Nextcloud's ReferenceManager that allowed unauthorized users to access data if the reference was cached and the user had knowledge of the boardId/cardId. The cachePrefix used in deck was independent of the user, which allowed any user to access the information of a deck...
Nextcloud: Exposed Log File Lead to Full Internal path disclosure at [https://nextcloud.com/wp-content/debug.log]
Hi team, I found the wp-content/debug.log endpoint publicly accessible. That leads to full path disclosure. Steps: Open: https://nextcloud.com/wp-content/debug.log You can see internal paths disclosed and the date is: 02-Nov-2022 02-Nov-2022 08:50:36 UTC PHP Fatal error: Uncaught Error: Call to undefined...
Nextcloud: Potential directory traversal in OC\Files\Node\Folder::getFullPath
A potential directory traversal vulnerability was found in the getFullPath function of the OC\Files\Node\Folder class in Nextcloud Server before version 20.0.8, 21.0.2, and 22.0.0. An attacker could exploit this vulnerability to create paths outside of their own space and overwrite files belongin...
Nextcloud Server < 23.0.9, < 24.0.5 Multiple Information Disclosure Vulnerabilities (GHSA-8f3p-rcm5-mrg3, GHSA-qpf5-jj85-36h5)
Nextcloud Server is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud: Possibility to delete files attached to deck cards of other users
Hi everyone, Hope you are well ! I come to report here an IDOR vulnerability on the Deck application of Nextcloud, allowing to delete any attached files on any cards. Nextcloud deck app version : latest stable 1.8.0 Steps To Reproduce: The Nextcloud Deck application now offers the ability to add ...
Nextcloud Server < 23.0.10, < 24.0.6 Uncontrolled Resource Consumption Vulnerability (GHSA-wxx7-w5p4-7x4c)
Nextcloud Server is prone to an uncontrolled resource consumption vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2022-39364
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading nextcloud.log may gain knowledge of...
Code injection
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading nextcloud.log may gain knowledge of...
CVE-2022-39330
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by...
CVE-2022-39329
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database acces...