83 matches found
Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs
The U.S. government has slapped sanctions on virtual currency mixer Tornado Cash for laundering more than $7 billion in crypto cash derived from cybercriminal activity. At least $455 million of that was moved for state-sponsored Lazarus Group in part to help fund North Korea’s missile program,...
Nextcloud Server < 22.2.6, 23.x < 23.0.3 Password Requirements Bypass Vulnerability (GHSA-pwjv-h37v-c4fx)
Nextcloud Server is prone to a password requirements bypass vulnerability when sharing a folder via the Circles app. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2022-29163 Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...
Bypass of password requirements when sharing a folder via the Circles app
None...
STEWS - A Security Tool For Enumerating WebSockets
STEWS is a tool suite for security testing of WebSockets This research was first presented at OWASP Global AppSec US 2021 Features STEWS provides the ability to: Discover : find WebSockets endpoints on the web by testing a list of domains Fingerprint : determine what WebSockets server is running ...
Nextcloud: bypass forced password protection via circles app
Summary: A user can bypass password enforcement for link and email shares by using a circle Steps To Reproduce: 1. enable forced passwords for link shares and email shares as administrator in the share settings 2. as user create a circle and add an e-mail-address 3. share some file to that circle...
Nextcloud Circles Licensing Issues Vulnerability Vulnerability
Nextcloud Circles, an open source social network built by Nextcloud Germany for the Nextcloud ecosystem, is vulnerable to an authorization issue in versions prior to 0.19.15, 0.20.11, and 0.21.4, which stems from a vulnerability in the Nextcloud Circles The application allows any user to join any...
Nextcloud Circles Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Nextcloud Circles, an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the failure of the product's Content-Security-Policy to properly handle incoming input data in...
CVE-2021-37630
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is...
CVE-2021-32782
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting XSS vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...
CVE-2021-32782
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting XSS vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...
CVE-2021-37630
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is...
Cross site scripting
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting XSS vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...
Design/Logic Flaw
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is...
CVE-2021-32782 Cross-Site Scripting in Nextcloud Circles
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting XSS vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...
CVE-2021-32782
CVE-2021-32782 pertains to Nextcloud Circles and is a stored Cross-Site Scripting (XSS) vulnerability. The issue affects Nextcloud Circles and is mitigated in modern browsers that enforce Content-Security-Policy (CSP); exploitation is noted as not feasible on CSP-compliant browsers, but it remain...
CVE-2021-37630 Secret Circle can be joined without approval in Nextcloud Circles
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is...
CVE-2021-37630
CVE-2021-37630 affects Nextcloud Circles. The issue is an authorization flaw in affected versions prior to 0.19.15, 0.20.11, or 0.21.4 that allows any user to join a Secret Circle without the circle owner’s approval, leaking private information. The vulnerability is mitigated only by upgrading Ne...
Nextcloud 跨站脚本漏洞
A cross-site scripting vulnerability exists in Nextcloud Circles, an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the failure of the product's Content-Security-Policy to properly handle incoming input data in...
Nextcloud 安全漏洞
Nextcloud Circles, an open source social network built by Nextcloud Germany for the Nextcloud ecosystem, is vulnerable to an authorization issue in versions prior to 0.19.15, 0.20.11, and 0.21.4, which stems from a vulnerability in the Nextcloud Circles The application allows any user to join any...