
4993 matches found

Hacker One
• added 2019/09/09 8:59 a.m. • 21 views

Nextcloud: Directory listing is enabled that exposes non public data through multiple path

Directory Listing is enabled on https://try.nextcloud.com and it shows out a few files on the server + The server version. POC: https://try.nextcloud.com/assets/ https://try.nextcloud.com/css/ https://try.nextcloud.com/js/ Impact This could leak sensitive information on the server and it also...

AI score: 1.5
Exploits: 0
Nextcloud
• added 2019/09/04 12:0 a.m. • 28 views

Missing default timeout on HTTP requests (NC-SA-2020-005)

Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long...

CVSS: 4, AI score: 1.7, EPSS: 0.00765
Exploits: 0, Affected Software: 1
Hacker One
• added 2019/09/01 3:17 p.m. • 29 views

Nextcloud: Clear text storage of proxy parameters and passwords

Proxy settings of the Nextcloud desktop client were not stored in a safe way; instead they were just stored base64-encoded in the nextcloud.cfg file...

CVSS: 5, AI score: 2.4, EPSS: 0.0091
Exploits: 0
Hacker One
• added 2019/08/31 3:16 p.m. • 38 views

Nextcloud: XSS in desktop client via invalid server address on login form

Team! I have found this vulnerability that in my time would be called "cross zone" but at the moment I don't know. The problem is found in the latest version of "nextcloud.exe" for your windows version. The problem occurs with the initial screen where you ask to connect to a website. Apparently...

CVSS: 3.5, AI score: 0.8, EPSS: 0.01401
Exploits: 1
Hacker One
• added 2019/08/31 11:38 a.m. • 20 views

Nextcloud: Persistent XSS on favorite via filename

CVSS: Medium 6.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N. Description: The name of a file is echoed without encoding when favoring the file, leading to persistent XSS. POC: To place the payload: - Create a file called test'".pdf and upload it. To trigger the payload: - click...

AI score: 2.4
Exploits: 0
Hacker One
• added 2019/08/25 12:3 a.m. • 27 views

Nextcloud: The password recovery let users know whether an email address exists or not in the website

URL: https://apps.nextcloud.com/password/reset/ I have tried to recover the password for some emails: [email protected] exists [email protected] does not exist After I clicked the "reset my password" button, the website informed that the email did not exist. Impact This is a bad practice, and it ...

Exploits: 0
Hacker One
• added 2019/08/21 7:18 p.m. • 135 views

Nextcloud: potential RCE and XSS via file upload requiring user account and default settings

potential RCE and XSS via file upload requiring user account and default settings Requirements 1. User account that can upload files NO admin 2. User account name on creation usually the same as on creation/displayed name 3. data directory inside of nextcloud server folder suggested by...

AI score: 6.4
Exploits: 0
Hacker One
• added 2019/08/14 3:46 p.m. • 30 views

Nextcloud: Circle email-members have still access to a shared folder/file after they are removed from the circle

If an email address is added to a circle, the email user still has access after the email address is removed from the circle. Requirements: circles app and share by mail app enabled. Steps to reproduce: 1. add an email address to a circle 2. share a folder/file with the circle 3...

CVSS: 4, AI score: 1.2, EPSS: 0.00831
Exploits: 0
Hacker One
• added 2019/08/13 7:37 p.m. • 33 views

Nextcloud: Username and Access Token Disclosure

Versions: Nextcloud Server Version: 16.0.3.0 it.tsweb.Nextcloud iOS App Version: 2.23.7 Description: While logging in to an owncloud instance the iOS client sends the Username and password to the resource /login?redirecturl=/login/flow/grant and receives...

CVSS: 4, AI score: 0.5, EPSS: 0.01081
Exploits: 0
CNVD
• added 2019/08/12 12:0 a.m. • 3 views

Nextcloud Lookup-Server SQL Injection Vulnerability

Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. An SQL injection vulnerability exists in Nextcloud Lookup-Server, which can be exploited by an attacker to execute illegal SQL commands...

CVSS: 9.8, AI score: 8.3, EPSS: 0.01788
Exploits: 0, References: 1
Nextcloud
• added 2019/08/12 12:0 a.m. • 42 views

Group admins can create users with IDs of system folders (NC-SA-2019-015)

Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...

CVSS: 4, AI score: 4, EPSS: 0.01472
Exploits: 1, Affected Software: 1
Hacker One
• added 2019/08/07 9:22 p.m. • 121 views

Nextcloud: Veracode and security audit record are publicly available

Leakage of sensitive data through open endpoint Risk management and Compliance Document written by NCC Here is what the document says: Proprietary Information This document contains detailed commercial, financial and legal information, which is confidential and commercially sensitive. The release...

AI score: 6.7
Exploits: 0
NVD
• added 2019/08/07 5:15 p.m. • 27 views

CVE-2019-5476

An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...

CVSS: 9.8, AI score: 9.9, EPSS: 0.01788
Exploits: 0, References: 1
OSV
• added 2019/08/07 5:15 p.m. • 16 views

CVE-2019-5476

An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...

CVSS: 9.8, AI score: 8.4
Exploits: 0, References: 1
Prion
• added 2019/08/07 5:15 p.m. • 27 views

Sql injection

An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...

CVSS: 7.5, AI score: 9.8, EPSS: 0.01788
Exploits: 0, References: 1, Affected Software: 1
Cvelist
• added 2019/08/07 4:23 p.m. • 27 views

CVE-2019-5476

An SQL Injection in the Nextcloud Lookup-Server v0.3.0 running on https://lookup.nextcloud.com caused unauthenticated users to be able to execute arbitrary SQL commands...

AI score: 9.9, EPSS: 0.01788
Exploits: 0, References: 1
CVE
• added 2019/08/07 4:23 p.m. • 97 views

CVE-2019-5476

CVE-2019-5476 concerns an SQL injection in the Nextcloud Lookup-Server before version 0.3.0 (lookup.nextcloud.com). The vulnerability allows unauthenticated users to execute arbitrary SQL commands due to improper input handling in the Lookup-Server. Several sources confirm the issue, including Re...

CVSS: 9.8, AI score: 9.8, EPSS: 0.01788
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
• added 2019/08/07 12:0 a.m. • 4 views

PT-2019-17697 · Nextcloud · Nextcloud Lookup-Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Lookup-Server versions prior to 0.3.0 Description: The issue allows unauthenticated users to execute arbitrary SQL commands due to an SQL Injection. This affects the Nextcloud Lookup-Server running on https://lookup.nextcloud.com...

CVSS: 9.8, AI score: 10, EPSS: 0.01788
Exploits: 0, References: 3
Hacker One
• added 2019/08/05 1:42 p.m. • 18 views

Nextcloud: Username Enumeration

Hi, it is possible to determine the existence of a user account. It reveals username which can open new attack vectors. Version: Nextcloud 16.0.3 Request for existing account: GET /avatar/admin/80?v=-472 HTTP/1.1 Host: localhost:8084 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.14; rv:68....

AI score: 0.4
Exploits: 0
Hacker One
• added 2019/08/02 8:25 p.m. • 55 views

Nextcloud: Content Spoofing /Text Injection in https://docs.nextcloud.com

Hello Team, I have found a Content Spoofing / Text Injection on this domain https://docs.nextcloud.com Go to https://docs.nextcloud.com/!!!ATENTION!%20This%20server%20is%20on%20Maintenance%20please%20go%20to%20WWW.EVIL.COM%20%20%20%20%20%20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20%...

AI score: 0.6
Exploits: 0