Lucene search
+L

83 matches found

ThreatPost
ThreatPost
added 2022/08/09 5:58 p.m.33 views

Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs

The U.S. government has slapped sanctions on virtual currency mixer Tornado Cash for laundering more than $7 billion in crypto cash derived from cybercriminal activity. At least $455 million of that was moved for state-sponsored Lazarus Group in part to help fund North Korea’s missile program,...

7.3AI score
Exploits0References10
OpenVAS
OpenVAS
added 2022/05/23 12:0 a.m.19 views

Nextcloud Server < 22.2.6, 23.x < 23.0.3 Password Requirements Bypass Vulnerability (GHSA-pwjv-h37v-c4fx)

Nextcloud Server is prone to a password requirements bypass vulnerability when sharing a folder via the Circles app. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

4.3CVSS4.7AI score0.01037EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/05/20 4:0 p.m.32 views

CVE-2022-29163 Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...

3.5CVSS4.9AI score0.01037EPSS
Exploits0References4
Nextcloud
Nextcloud
added 2022/05/20 8:9 a.m.68 views

Bypass of password requirements when sharing a folder via the Circles app

None...

4.3CVSS4.8AI score0.01037EPSS
Exploits0References3Affected Software1
Kitploit
Kitploit
added 2021/12/06 8:30 p.m.34 views

STEWS - A Security Tool For Enumerating WebSockets

STEWS is a tool suite for security testing of WebSockets This research was first presented at OWASP Global AppSec US 2021 Features STEWS provides the ability to: Discover : find WebSockets endpoints on the web by testing a list of domains Fingerprint : determine what WebSockets server is running ...

6.9AI score
Exploits0References8
Hacker One
Hacker One
added 2021/11/22 9:25 a.m.61 views

Nextcloud: bypass forced password protection via circles app

Summary: A user can bypass password enforcement for link and email shares by using a circle Steps To Reproduce: 1. enable forced passwords for link shares and email shares as administrator in the share settings 2. as user create a circle and add an e-mail-address 3. share some file to that circle...

4CVSS1.7AI score0.01037EPSS
Exploits0
CNVD
CNVD
added 2021/09/09 12:0 a.m.16 views

Nextcloud Circles Licensing Issues Vulnerability Vulnerability

Nextcloud Circles, an open source social network built by Nextcloud Germany for the Nextcloud ecosystem, is vulnerable to an authorization issue in versions prior to 0.19.15, 0.20.11, and 0.21.4, which stems from a vulnerability in the Nextcloud Circles The application allows any user to join any...

6.5CVSS2.1AI score0.01202EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/09 12:0 a.m.22 views

Nextcloud Circles Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Nextcloud Circles, an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the failure of the product's Content-Security-Policy to properly handle incoming input data in...

5.8CVSS2.7AI score0.00835EPSS
Exploits0References1
NVD
NVD
added 2021/09/07 8:15 p.m.29 views

CVE-2021-37630

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is...

6.5CVSS0.01202EPSS
Exploits0References3
NVD
NVD
added 2021/09/07 8:15 p.m.23 views

CVE-2021-32782

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting XSS vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...

5.8CVSS0.00835EPSS
Exploits0References3
OSV
OSV
added 2021/09/07 8:15 p.m.14 views

CVE-2021-32782

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting XSS vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...

5.4CVSS5.5AI score
Exploits0References3
OSV
OSV
added 2021/09/07 8:15 p.m.17 views

CVE-2021-37630

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is...

6.5CVSS6.7AI score
Exploits0References3
Prion
Prion
added 2021/09/07 8:15 p.m.24 views

Cross site scripting

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting XSS vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...

3.5CVSS5.1AI score0.00835EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/09/07 8:15 p.m.22 views

Design/Logic Flaw

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is...

4CVSS6.4AI score0.01202EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/09/07 8:0 p.m.27 views

CVE-2021-32782 Cross-Site Scripting in Nextcloud Circles

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting XSS vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitab...

5.8CVSS5.4AI score0.00835EPSS
Exploits0References3
CVE
CVE
added 2021/09/07 8:0 p.m.63 views

CVE-2021-32782

CVE-2021-32782 pertains to Nextcloud Circles and is a stored Cross-Site Scripting (XSS) vulnerability. The issue affects Nextcloud Circles and is mitigated in modern browsers that enforce Content-Security-Policy (CSP); exploitation is noted as not feasible on CSP-compliant browsers, but it remain...

5.8CVSS5.1AI score0.00835EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/09/07 8:0 p.m.31 views

CVE-2021-37630 Secret Circle can be joined without approval in Nextcloud Circles

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is...

6.5CVSS6.6AI score0.01202EPSS
Exploits0References3
CVE
CVE
added 2021/09/07 8:0 p.m.64 views

CVE-2021-37630

CVE-2021-37630 affects Nextcloud Circles. The issue is an authorization flaw in affected versions prior to 0.19.15, 0.20.11, or 0.21.4 that allows any user to join a Secret Circle without the circle owner’s approval, leaking private information. The vulnerability is mitigated only by upgrading Ne...

6.5CVSS6.4AI score0.01202EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2021/09/07 12:0 a.m.7 views

Nextcloud 跨站脚本漏洞

A cross-site scripting vulnerability exists in Nextcloud Circles, an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the failure of the product's Content-Security-Policy to properly handle incoming input data in...

5.8CVSS5.4AI score0.00835EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/09/07 12:0 a.m.8 views

Nextcloud 安全漏洞

Nextcloud Circles, an open source social network built by Nextcloud Germany for the Nextcloud ecosystem, is vulnerable to an authorization issue in versions prior to 0.19.15, 0.20.11, and 0.21.4, which stems from a vulnerability in the Nextcloud Circles The application allows any user to join any...

6.5CVSS5.6AI score0.01202EPSS
Exploits0References5
Rows per page
Query Builder