4993 matches found

Nextcloud
added 2019/11/12 12:0 a.m. | 57 views

Login and token disclosure to other Nextcloud services (NC-SA-2019-017)

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when searching, e.g., for federated users or registering for push notifications...

CVSS 4 | AI score 2.5 | EPSS 0.01081
Exploits: 0 | Affected Software: 1

0day.today
added 2019/11/09 12:0 a.m. | 89 views

Nextcloud 17 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 CVE: N/A Nextcloud offers the...

AI score 7.4
Exploits: 0

Hacker One
added 2019/11/08 2:19 p.m. | 29 views

Nextcloud: Improper integrity protection of server-side encryption keys

The public keys used for the server-side encryption are not integrity-protected. These can easily be replaced by anyone who has access to the data-at-rest data even when the per-user-keys are enabled, as described in https://nextcloud.com/security/threat-model/. This holds true for all key types -...

CVSS 5.5 | AI score 0.6 | EPSS 0.00727
Exploits: 1

exploitpack
added 2019/11/08 12:0 a.m. | 37 views

Nextcloud 17 - Cross-Site Request Forgery

Nextcloud 17 - Cross-Site Request Forgery Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Date: 08.11.2019 Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 CVE: N/A Nextcloud offers the...

AI score 0.8
Exploits: 0

Packet Storm
added 2019/11/08 12:0 a.m. | 310 views

Nextcloud 17 Cross Site Request Forgery

Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Date: 08.11.2019 Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 Nextcloud offers the industry-leading, on-premises content collaboration platfor...

AI score 0.3
Exploits: 0

Exploit DB
added 2019/11/08 12:0 a.m. | 373 views

Nextcloud 17 - Cross-Site Request Forgery

Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Date: 08.11.2019 Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 CVE: N/A Nextcloud offers the industry-leading, on-premises content collaboratio...

AI score 7.4
Exploits: 0

Hacker One
added 2019/10/25 12:14 p.m. | 66 views

Nextcloud: Bypass configured 2FA provider with another provider that can be set up at login

In Nextcloud 17 there is the possibility to set up 2FA providers at login. A missing check allows the following steps 1 Enforce 2FA for all users 2 As a user, configure a 2FA provider via settings or at login 3 Log out 4 Log in again password only 5 When prompted with the earlier set up provider,...

CVSS 5.5 | AI score 3.6 | EPSS 0.00607
Exploits: 0

Nextcloud
added 2019/10/25 12:0 a.m. | 28 views

Duplicate setup of second factor allowed (NC-SA-2020-006)

A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login...

CVSS 5.5 | AI score 2.8 | EPSS 0.00607
Exploits: 0 | Affected Software: 1

Hacker One
added 2019/10/22 4:44 p.m. | 196 views

Nextcloud: Docker image with FPM is vulnerable to CVE-2019-11043

The CVE-2019-11043 vulnerability can be exploited in the latest nextcloud:fpm image. This is due to the specific nginx configuration recommended for nextcloud: https://github.com/nextcloud/dockerbase-version---fpm...

CVSS 7.5 | AI score 0.2 | EPSS 0.9947
Exploits: 54

Nextcloud
added 2019/10/22 12:0 a.m. | 26 views

File-drop content is visible through the gallery app (NC-SA-2019-012)

Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app...

CVSS 4 | AI score 3.3 | EPSS 0.00915
Exploits: 0 | Affected Software: 1

Hacker One
added 2019/10/21 10:54 p.m. | 32 views

Nextcloud: File-drop content is visible through the gallery app

I set up a file-drop on NC 17 btw, according to https://nextcloud.com/security/ NC17 is not covered - but it should be once it's released!: created folder, set share as upload-only. I access that folder as https://cloud.domain.com/s/randompath - fine: I get the upload interface and cannot see...

CVSS 4 | AI score 5.4 | EPSS 0.00915
Exploits: 0

CNVD
added 2019/10/21 12:0 a.m. | 1 views

Video_Converter app denial of service vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. VideoConverter app is a video file format converter. A denial of service vulnerability exists in VideoConverter app version 0.1.0 for Nextcloud, which...

CVSS 7.7 | AI score 6.8 | EPSS 0.01388
Exploits: 1 | References: 1

NVD
added 2019/10/19 2:15 p.m. | 12 views

CVE-2019-18214

The VideoConverter app 0.1.0 for Nextcloud allows denial of service CPU and memory consumption via multiple concurrent conversions because many FFmpeg processes may be running at once. The workload is not queued for serial execution...

CVSS 7.7 | AI score 7.5 | EPSS 0.01388
Exploits: 1 | References: 1

OSV
added 2019/10/19 2:15 p.m. | 8 views

CVE-2019-18214

The VideoConverter app 0.1.0 for Nextcloud allows denial of service CPU and memory consumption via multiple concurrent conversions because many FFmpeg processes may be running at once. The workload is not queued for serial execution...

CVSS 7.7 | AI score 7.1
Exploits: 0 | References: 1

Prion
added 2019/10/19 2:15 p.m. | 12 views

Design/Logic Flaw

The VideoConverter app 0.1.0 for Nextcloud allows denial of service CPU and memory consumption via multiple concurrent conversions because many FFmpeg processes may be running at once. The workload is not queued for serial execution...

CVSS 6.8 | AI score 7.5 | EPSS 0.01388
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2019/10/19 1:32 p.m. | 119 views

CVE-2019-18214

The CVE-2019-18214 entry concerns the Video_Converter app 0.1.0 for Nextcloud. The underlying issue is a denial-of-service condition caused by running many FFmpeg processes concurrently; the workload is not serialized, allowing CPU and memory usage to spike. Affected component is the Video_Conver...

CVSS 7.7 | AI score 7.4 | EPSS 0.01388
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/10/19 1:32 p.m. | 15 views

CVE-2019-18214

The VideoConverter app 0.1.0 for Nextcloud allows denial of service CPU and memory consumption via multiple concurrent conversions because many FFmpeg processes may be running at once. The workload is not queued for serial execution...

CVSS 7.7 | AI score 7.5 | EPSS 0.01388
Exploits: 1 | References: 1

Hacker One
added 2019/09/19 4:29 p.m. | 46 views

Nextcloud: Only the file extensions are checked, not the MIME types as configured

The tool is not working as hoped. File access control speaks of MIME types that are blocked or not blocked. In fact, only the file extensions are checked. If a user renames an unauthorized file to an allowed file, he can upload and download it. The MIME type of the current file is insignificant,...

CVSS 6 | AI score 0.7 | EPSS 0.0113
Exploits: 0

Hacker One
added 2019/09/17 10:37 a.m. | 663 views

Nextcloud: Exposing debug.log file leads to server full path disclosure

At the following address I have found that the debug.log file discloses the application's full path on the server: https://nextcloud.com/wp-content/debug.log Impact: The server should not expose this log file as it could help an attacker to understand the environment that may lead to further attacks...

AI score 1
Exploits: 0

Hacker One
added 2019/09/17 3:52 a.m. | 142 views

Nextcloud: WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (UNAUTHORIZED)

because in the burp suite, the build request is complicated, I only use curl 1. Create file index.html and index.php Index.html : Hello world Index.php : 2. Once created enter into .zip COMPRESS 3. LETS UPLOAD CURL : curl site.com/index.php/wp-json/articulate/v1/upload-data -F "name=NAMAFILE" -F...

AI score 0.6
Exploits: 0