
4993 matches found

CVE
added 2019/07/30 8:28 p.m. · 221 views

CVE-2019-5454

Summary: CVE-2019-5454 corresponds to an SQL injection in the Nextcloud Android app (pre-3.0.0) affecting the app's internal content provider and local cache. The vulnerability allows manipulation of SQL queries via malicious inputs to the provider, which can destroy the local cache and force users ...

CVSS 9.8 · AI score 9.2 · EPSS 0.02019
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2019/07/30 8:26 p.m. · 29 views

CVE-2019-5455

Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process...

AI score 6.6 · EPSS 0.00463
Exploits 1 · References 1
CVE
added 2019/07/30 8:26 p.m. · 62 views

CVE-2019-5455

CVE-2019-5455 affects the Nextcloud Android app (v3.6.0). The issue allows bypassing the device lock protection during multi-account creation/abort, enabling the attacker to redirect to a default account without prompting for the lock pattern. Evidence includes a PoC described in the HackerOne re...

CVSS 6.8 · AI score 6.5 · EPSS 0.00463
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2019/07/30 12:0 a.m. · 4 views

PT-2019-17683 · Nextcloud · Nextcloud Android App

Name of the Vulnerable Software and Affected Versions: Nextcloud Android app versions prior to 3.0.0
Description: The issue allows for the destruction of a local cache when a harmful query is executed, requiring the user to set up the account again. This occurs due to SQL Injection in the Nextcloud...

CVSS 9.8 · AI score 9.3 · EPSS 0.02019
Exploits 0 · References 4
Positive Technologies
added 2019/07/30 12:0 a.m. · 5 views

PT-2019-17684 · Nextcloud · Nextcloud Android App

Name of the Vulnerable Software and Affected Versions: Nextcloud Android app version 3.6.0
Description: The issue allows bypassing lock protection when creating a multi-account and aborting the process in the Nextcloud Android app.
Recommendations: For Nextcloud Android app version 3.6.0, update ...

CVSS 6.8 · AI score 6.3 · EPSS 0.00463
Exploits 1 · References 4
Nextcloud
added 2019/07/29 12:0 a.m. · 28 views

Name of private conversations leaked when linked via projects to a shared item (NC-SA-2020-011)

Improper access control in Nextcloud Talk 6.0.3 leaks the existence and the name of private conversations when they are linked to another shared item via the projects feature...

CVSS 4 · AI score 4.3 · EPSS 0.00766
Exploits 0 · Affected Software 1
Nextcloud
added 2019/07/29 12:0 a.m. · 28 views

Improper neutralization of item names in projects feature (NC-SA-2020-010)

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each other in a project...

CVSS 3.5 · AI score 3.7 · EPSS 0.0084
Exploits 0 · Affected Software 1
Nextcloud
added 2019/07/29 12:0 a.m. · 31 views

Improper neutralization of item names in projects feature (NC-SA-2020-008)

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each other in a project...

CVSS 3.5 · AI score 3.7 · EPSS 0.0084
Exploits 0 · Affected Software 1
Nextcloud
added 2019/07/29 12:0 a.m. · 25 views

Improper neutralization of item names in projects feature (NC-SA-2020-009)

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each other in a project...

CVSS 3.5 · AI score 3.7 · EPSS 0.0084
Exploits 0 · Affected Software 1
HackerOne
added 2019/07/28 11:34 a.m. · 40 views

Nextcloud: Talk - Leak of password-protected room name via already existent resource addition

CVSS: Medium 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Description:
Affected: Talk / Spreed 6.0.3
The name of shared but password-protected rooms leaks to low-privileged authenticated users. An attacker does not need to guess room IDs, but can simply iterate over IDs to gath...

CVSS 4 · AI score 3.8 · EPSS 0.00766
Exploits 0
HackerOne
added 2019/07/28 10:22 a.m. · 30 views

Nextcloud: Persistent XSS via filename in projects

CVSS: Medium 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Description:
Affected: Talk / Spreed 6.0.3
The name of a file is echoed without encoding when moving the mouse onto it in the projects tab of a conversation, leading to persistent XSS. A successful attack requires an...

CVSS 3.5 · AI score 1.6 · EPSS 0.0084
Exploits 0
HackerOne
added 2019/07/28 6:44 a.m. · 30 views

Nextcloud: Clickjacking on https://download.nextcloud.com/

The vulnerability is clickjacking. Steps to reproduce: 1. Create a script like this: Clickjacking! The Site is Vulnerability Clickjacking 2. Enter a file name after saving it in the .html format. Then the web is Vuln Clickjacking. Sorry, bad English, I'm Indonesian. Impact: By using Clickjacking techniqu...

AI score 0.4
Exploits 0
HackerOne
added 2019/07/27 9:35 a.m. · 21 views

Nextcloud: Clickjacking on https://nextcloud.com/

The vulnerability is clickjacking. Steps to reproduce: 1. Create a script like this: Clickjacking! The Site is Vulnerability Clickjacking 2. Enter a file name after saving it in the .html format. Then the web is Vuln Clickjacking. Sorry, bad English, I'm Indonesian. Impact: By using Clickjacking techniqu...

AI score 0.4
Exploits 0
Nextcloud
added 2019/07/26 12:0 a.m. · 22 views

Improper check for access to application database (NC-SA-2018-015)

A too permissive check allowed an installed application that contained the Nextcloud client package name to obtain access to the database of the Nextcloud application. At time of disclosure there are no applications within the Google Play Store that fulfill this requirement...

AI score 2.3
Exploits 0 · Affected Software 1
Nextcloud
added 2019/07/26 12:0 a.m. · 27 views

Bypass lock protection in Android app (NC-SA-2019-008)

If an attacker has physical access to an Android smartphone without a screen lock, but with Nextcloud installed and set up, they can circumvent the passcode protection by repeatedly opening and closing the app in a very short time...

CVSS 2.1 · AI score 1.7 · EPSS 0.00385
Exploits 0 · Affected Software 1
Nextcloud
added 2019/07/26 12:0 a.m. · 26 views

Thumbnails of files leaked via Android content provider (NC-SA-2019-007)

If an attacker has physical access to an Android smartphone without a screen lock, but with Nextcloud installed and set up, he can easily access the Nextcloud files even if the Nextcloud app is locked with a fingerprint or PIN...

CVSS 2.1 · AI score 2.9 · EPSS 0.00434
Exploits 1 · Affected Software 1
Nextcloud
added 2019/07/26 12:0 a.m. · 29 views

Bypass lock protection in Android app (NC-SA-2019-006)

If an attacker has physical access to an Android smartphone without a screen lock, but with Nextcloud installed and set up, they can easily access the Nextcloud files even if the Nextcloud app is locked with a fingerprint or PIN...

CVSS 3.6 · AI score 2.4 · EPSS 0.00469
Exploits 1 · Affected Software 1
HackerOne
added 2019/07/24 1:15 p.m. · 17 views

Nextcloud: Clickjacking on https://download.nextcloud.com

This page is vulnerable to clickjacking: https://download.nextcloud.com
Steps to Reproduce:
1. Copy the following code and save it as clickjacking.html: Clickjack test page Website is vulnerable to clickjacking!
2. Open it in browser. You can see the website is vulnerable to clickjacking.
Impact: Anyo...

AI score 0.7
Exploits 0
HackerOne
added 2019/07/13 4:36 p.m. · 27 views

Nextcloud: User can delete data in shared folders he's not authorized to access

Steps to reproduce:
1. Create a group folder named TEST and share it with "admin group" and "test group", marking the advanced permission flag.
2. Create two folders inside the main share: visible and invisible.
3. Inside the "invisible" folder create a test file, let's say something like "test.txt".
4. set...

CVSS 5.5 · AI score 0.2 · EPSS 0.01856
Exploits 1
Nextcloud
added 2019/07/04 12:0 a.m. · 31 views

Server-Side request forgery in New-Subscription feature of the calendar app (NC-SA-2019-014)

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed detection of local and remote services when adding a new subscription in the calendar application...

CVSS 4 · AI score 2.5 · EPSS 0.01287
Exploits 1 · Affected Software 1