1086 matches found
Cross site scripting
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components...
CVE-2017-0892
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file...
CVE-2017-0893
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventi...
CVE-2017-0894
Nextcloud Server prior to 11.0.3 is affected by CVE-2017-0894 due to a logical error that discloses valid share tokens for public calendars, potentially letting an attacker access publicly shared calendars without the token. Affected product: Nextcloud Server; vulnerable component: calendar share...
PT-2017-10695 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 11.0.3 Description: The issue is related to a logical error that leads to the disclosure of valid share tokens for public calendars. This could potentially allow an attacker to access publicly shared calenda...
Nextcloud Information Disclosure Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. An information disclosure vulnerability exists in Nextcloud Server versions prior to 9.0.55 and 10.0.2. The vulnerabili...
Nextcloud Denial of Service Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. A denial of service vulnerability exists in Nextcloud Server versions prior to 9.0.55 and prior to 10.0.2. An attacker...
Nextcloud Quota Limit Bypass Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. A security vulnerability exists in Nextcloud Server versions prior to 9.0.55 and prior to 10.0.2, which stems from the...
Nextcloud Unauthorized Folder Creation Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. An out-of-authority folder creation vulnerability exists in Nextcloud Server versions prior to 9.0.55 and prior to...
Nextcloud Server Content Spoofing Vulnerability (CNVD-2017-05596)
Nextcloud is a suite of open source self-hosted file synchronization and sharing communication application platform. A content spoofing vulnerability exists in Nextcloud Server. An attacker could exploit this issue to manipulate and spoof content, which could facilitate further attacks...
Nextcloud Server Multiple Vulnerabilities - Windows
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...
Nextcloud Server Multiple Vulnerabilities - Linux
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...
Design/Logic Flaw
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...
CVE-2017-0883
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...
Code injection
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects...
CVE-2017-0883
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...
CVE-2017-0883
CVE-2017-0883 affects Nextcloud Server before 9.0.55 and 10.0.2, where a permission escalation in the OCS sharing API allows an authenticated user to reshare items with elevated permissions. The issue enables an attacker to edit files in a share despite having only read access for folders/files t...
CVE-2017-0883
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit file...
CVE-2017-0888
CVE-2017-0888 affects Nextcloud Server versions prior to 9.0.55 and prior to 10.0.2, with a Content-Spoofing vulnerability in the files app. The top navigation bar in the files list contains partially user-controllable input that can misrepresent information. Public sources in the connected recor...
PT-2017-10686 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55 Nextcloud Server versions prior to 10.0.2 Description: The issue allows an adversary with access to a write-only share to enumerate the names of existing files and subfolders by comparing exception...