CVE-2017-0887
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the OC-Total-Length HTTP header, an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the...
CVE-2017-0888
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information...
CVE-2017-0883
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...
CVE-2017-0883
CVE-2017-0883 affects Nextcloud Server before 9.0.55 and 10.0.2, where a permission escalation in the OCS sharing API allows an authenticated user to reshare items with elevated permissions. The issue enables an attacker to edit files in a share despite having only read access for folders/files t...
CVE-2017-0885
CVE-2017-0885 affects Nextcloud Server prior to 9.0.55 and 10.0.2. An error-message disclosure in write-only shares allows an adversary with access to enumerate existing files and subfolders by comparing exception messages. The issue is documented across multiple sources (Nextcloud advisory NC-SA...
CVE-2017-0886
CVE-2017-0886 affects Nextcloud Server. The vulnerability stems from an error in the application logic that allows an authenticated adversary to trigger an endless recursion, resulting in a Denial of Service. Impact is described as Denial of Service with potential for persistent unavailability. A...
CVE-2017-0884
CVE-2017-0884 affects Nextcloud Server prior to versions 9.0.55 and 10.0.2. A logical error in the file caching layer allows an authenticated attacker who has at least read-only permissions to create empty folders inside a shared folder, i.e., a creation of folders in read-only folders despite l...
CVE-2017-0887
CVE-2017-0887 affects Nextcloud Server before 9.0.55 and before 10.0.2, where an authenticated user can bypass quota limits due to improper sanitization of the OC-Total-Length HTTP header, allowing exceedance of configured quotas. The issue is documented across multiple sources (NVD/CNVD/OSV/Open...
CVE-2017-0888
CVE-2017-0888 affects Nextcloud Server versions prior to 9.0.55 and prior to 10.0.2, with a Content-Spoofing vulnerability in the files app. The top navigation bar in the files list contains partially user-controllable input that can misrepresent information. Public sources in the connected recor...
Nextcloud: Design Issues on ( ███ ) Lead to show ( IPS of Users )
Hello, I know this Domain is maybe out of scope But it Connected to the main Website I have seen it Cashable the Download IPS for Users Status. As I saw that You active statics awstats That show me Full access to Status on the website. POC...
PT-2017-10687 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55; Nextcloud Server versions prior to 10.0.2. Description: The issue allows an authenticated adversary to trigger an endless recursion in the application, leading to a potential Denial of Service attack d...
PT-2017-10685 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55; Nextcloud Server versions prior to 10.0.2. Description: The issue allows an authenticated adversary to create empty folders inside a shared folder, despite lacking the necessary permissions, due to a...
PT-2017-10688 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55; Nextcloud Server versions prior to 10.0.2. Description: The issue allows an authenticated adversary to bypass quota limitations due to improper sanitization of the OC-Total-Length HTTP header values...
PT-2017-10686 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55; Nextcloud Server versions prior to 10.0.2. Description: The issue allows an adversary with access to a write-only share to enumerate the names of existing files and subfolders by comparing exception...
Nextcloud: Directory Listing In Subdomain Of nextcloud.com
Hi Sir/Madam, I found a directory listing bug in one of your subdomains - https://apps.nextcloud.com. Here is the location of the directory listing: https://apps.nextcloud.com/static/. Here is the access to some of your files. By, Baskaran XyberWolf...
Nextcloud - Dangerous filesystem permissions, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Nextcloud published at the 'play' market has multiple vulnerabilities...
ownCloud Server and Nextcloud Server Cross-Site Scripting Vulnerabilities
ownCloud is a free and open-source personal cloud storage solution from the German company ownCloud. Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform. ownCloud Server and Nextcloud Server are the server editions of the respective products. A cross-site...
Nextcloud Server and ownCloud Server Content Spoofing Vulnerabilities
ownCloud is a free and open-source personal cloud storage solution from the German company ownCloud. Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform. ownCloud Server and Nextcloud Server are the server editions of the respective products. A security...
Nextcloud Server and ownCloud Server Content Spoofing Vulnerability (CNVD-2017-04625)
ownCloud is a free and open-source personal cloud storage solution from the German company ownCloud. Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform. ownCloud Server and Nextcloud Server are the server editions of the respective products. A security...
ownCloud Server and Nextcloud Server Security Bypass Vulnerability
ownCloud is a free and open-source personal cloud storage solution from the German company ownCloud. Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform. ownCloud Server and Nextcloud Server are the server editions of the respective products. A security...