4998 matches found

Hacker One
added 2017/03/28 9:53 p.m. | 51 views

Nextcloud: Reflected XSS in error pages (NC-SA-2017-008)

Hello, I found an HTML injection vulnerability 1 flaw in the Nextcloud and Owncloud latest version. Through this vulnerability an attacker could manipulate the website. This vulnerability could affect logged-in users. An attacker could send a malicious link that contains the manipulated URL to...

CVSS 3.5 | EPSS 0.00643
Exploits: 1

NVD
added 2017/03/28 2:59 a.m. | 18 views

CVE-2016-9467

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to displa...

CVSS 5.3 | AI score 5.1 | EPSS 0.02972
Exploits: 1 | References: 11

NVD
added 2017/03/28 2:59 a.m. | 19 views

CVE-2016-9468

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information...

CVSS 5.3 | AI score 5.1 | EPSS 0.02077
Exploits: 1 | References: 7

OSV
added 2017/03/28 2:59 a.m. | 11 views

CVE-2016-9467

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to displa...

CVSS 5.3 | AI score 6.5
Exploits: 0 | References: 11

NVD
added 2017/03/28 2:59 a.m. | 20 views

CVE-2016-9466

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message,...

CVSS 6.1 | AI score 5.9 | EPSS 0.01656
Exploits: 1 | References: 6

OSV
added 2017/03/28 2:59 a.m. | 25 views

CVE-2016-9468

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information...

CVSS 5.3 | AI score 7
Exploits: 0 | References: 7

NVD
added 2017/03/28 2:59 a.m. | 19 views

CVE-2016-9465

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...

CVSS 5.4 | AI score 5.2 | EPSS 0.01118
Exploits: 1 | References: 6

OSV
added 2017/03/28 2:59 a.m. | 8 views

CVE-2016-9465

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification o...

CVSS 5.4 | AI score 5.1
Exploits: 0 | References: 6

OSV
added 2017/03/28 2:59 a.m. | 22 views

CVE-2016-9466

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message,...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 6

NVD
added 2017/03/28 2:59 a.m. | 25 views

CVE-2016-9459

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment...

CVSS 6.1 | AI score 5.9 | EPSS 0.01493
Exploits: 1 | References: 8

UbuntuCve
added 2017/03/28 2:59 a.m. | 40 views

CVE-2016-9462

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to...

CVSS 4.3 | AI score 6 | EPSS 0.01874
Exploits: 1 | References: 9

OSV
added 2017/03/28 2:59 a.m. | 9 views

CVE-2016-9459

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment...

CVSS 6.1 | AI score 6.2
Exploits: 0 | References: 8

OSV
added 2017/03/28 2:59 a.m. | 6 views

CVE-2016-9462

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to...

CVSS 4.3 | AI score 4.5
Exploits: 0 | References: 9

Prion
added 2017/03/28 2:59 a.m. | 19 views

Directory traversal

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to displa...

CVSS 5 | AI score 6.8 | EPSS 0.02972
Exploits: 1 | References: 11 | Affected Software: 2

UbuntuCve
added 2017/03/28 2:59 a.m. | 33 views

CVE-2016-9459

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment...

CVSS 6.1 | AI score 6.3 | EPSS 0.01493
Exploits: 1 | References: 8

Prion
added 2017/03/28 2:59 a.m. | 27 views

Authentication flaw

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backen...

CVSS 6.8 | AI score 7.4 | EPSS 0.04095
Exploits: 1 | References: 9 | Affected Software: 2

NVD
added 2017/03/28 2:59 a.m. | 22 views

CVE-2016-9462

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to...

CVSS 4.3 | AI score 4.5 | EPSS 0.01874
Exploits: 1 | References: 9

Prion
added 2017/03/28 2:59 a.m. | 25 views

Design/Logic Flaw

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to...

CVSS 4 | AI score 6.9 | EPSS 0.01874
Exploits: 1 | References: 9 | Affected Software: 2

NVD
added 2017/03/28 2:59 a.m. | 17 views

CVE-2016-9460

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an...

CVSS 5.3 | AI score 5.1 | EPSS 0.01681
Exploits: 1 | References: 8

UbuntuCve
added 2017/03/28 2:59 a.m. | 33 views

CVE-2016-9466

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message,...

CVSS 6.1 | AI score 6.3 | EPSS 0.01656
Exploits: 1 | References: 7