
4993 matches found

Hacker One
added 2019/03/04 12:10 p.m., 60 views

Nextcloud: Uploading large avatar images cause excessive CPU usage

How to reproduce: - Create an account on any server running Nextcloud 13 or 14. - Open the personal settings. - Upload a large image as avatar tested with a 4032x3024 PNG image of about 14.5 MB. - Keep the selected area in the popup and save the avatar. - Notice that the avatar area shows the...

AI score: 1.6, Exploits: 0

Hacker One
added 2019/02/20 10:0 p.m., 14 views

Nextcloud: User Editable nextcloud Wiki pages of Public Repositories

Summary: I have found that the "Edit" permissions of wiki pages are NOT disabled on the public repositories of Nextcloud. Generally, edit permissions are given only to the collaborators of a specific repository, but that is not the case with Nextcloud. It is public editable which isn't right in...

AI score: 0.1, Exploits: 0

Hacker One
added 2019/02/20 8:31 p.m., 26 views

Nextcloud: XSS On Nextcloud Integrated with zimbra drive

Hello Team, There is a stored XSS on Nextcloud plugin with Zimbra Drive. I integrate zimbra with nextcloud 13 zimbra drive 0.8.20. Please see attached file and I am waiting for your response. Best regards Impact Get sensitive data...

AI score: 1, Exploits: 0

Hacker One
added 2019/02/04 10:52 a.m., 25 views

Nextcloud: Bypassing lock protection

Nextcloud allows multi account within the Android client app and relies on a single lock. Based on the exposed intent nc://login, it is possible to add a new account under attacker domain and open the Nextcloud without the lock check. Proof of concept: 1. open the NC app with the lock displayed 2...

CVSS: 4.6, AI score: 1, EPSS: 0.00463, Exploits: 1

Packet Storm
added 2019/02/01 12:0 a.m., 49 views

OPNsense 19.1 Cross Site Scripting

Exploit Title: OPNsense 19.1 | Cross-Site Scripting Date: 01.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://opnsense.org Software Link: http://mirror.ams1.nl.leaseweb.net/opnsense/releases/19.1/OPNsense-19.1-OpenSSL-dvd-amd64.iso.bz2 Version: 19.1 Introduction OPNsense is an open...

AI score: 7.4, Exploits: 0

Hacker One
added 2019/01/26 5:24 p.m., 39 views

Nextcloud: 2FA Session not expires after the password reset

A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset...

CVSS: 3.2, AI score: 1.2, EPSS: 0.0032, Exploits: 0

Hacker One
added 2019/01/08 4:10 p.m., 43 views

Nextcloud: Private/confidential setting of calendar events is ignored on activity stream

https://github.com/nextcloud/server/pull/13331 Events that are private should not generate events for other users Events that are confidential should not leak the name to other users Impact The details are leaked to other users...

AI score: 1.7, Exploits: 0

Hacker One
added 2019/01/08 11:41 a.m., 17 views

Nextcloud: WordPress vulnerable to multiple attacks at https://nextcloud.com

summary: your current version of WordPress is available to multiple attacks check INFO.php available attacks: - Unauthenticated Arbitrary File Deletion - lib/IPTraf.php User-Agent Header Stored XSS - Password Creation Restriction Bypass - wp-admin/admin.php whois Parameter Stored XSS - XSS & IAA ...

AI score: 1.5, Exploits: 0

Hacker One
added 2019/01/08 9:59 a.m., 181 views

Nextcloud: Password authentication at newsletter.nextcloud.com discloses username list

summary: A vulnerability classified as problematic has been found in OpenSSH 7.2p2. check INFO.png Affected is an unknown function of the component Authentication. The manipulation of the argument Password with an unknown input leads to an information disclosure vulnerability Username. CWE is...

CVSS: 4.3, EPSS: 0.88944, Exploits: 12

Hacker One
added 2018/12/29 2:54 p.m., 16 views

Nextcloud: Content spoofing on https://surveyserver.nextcloud.com

Hi NextCloud team, the https://surveyserver.nextcloud.com domain is vulnerable against content spoofing in the forbidden page due to the fact that the request URI is reflected without validation inside the aforementioned page. 1. Go on...

AI score: 1, Exploits: 0

Hacker One
added 2018/12/18 4:44 p.m., 27 views

Nextcloud: Passwords being stored as plain text in logging

When an exception occurs, any password sent to or being processed by the server may be stored as plain text in the log. I noticed that some methods are already being filtered in ExceptionSerializer.php, but many methods are missing from this list. Suggestion: instead of relying on a list of...

AI score: 6.8, Exploits: 0

Hacker One
added 2018/12/14 1:28 p.m., 46 views

Nextcloud: Retrieval and alteration of exposed media on Android Oreo

Good afternoon. Any media downloaded from the cloud server within the Android app is subject to third party modification and server re-upload without explicit user consent. This happens at least on Android Oreo, as data is automatically stored on shared folder...

AI score: 1.2, Exploits: 0

Hacker One
added 2018/12/12 3:31 p.m., 38 views

Nextcloud: Remote attacker can impersonate Social users via ActivityPub API

Hi there! First up I want to acknowledge that Social may not be in scope. I emailed [email protected], which pointed me here, and I wasn't sure whether to just put it in a GitHub issue. In any case I hope I'm not wasting your time. When an HTTP request arrives at the shared inbox endpoint...

AI score: 0.7, Exploits: 0

OpenVAS
added 2018/12/10 12:0 a.m., 14 views

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2018:4002-1)

The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00769, Exploits: 0, References: 2

Hacker One
added 2018/12/07 5:23 p.m., 103 views

Nextcloud: xmlrpc.php is enabled - Nextcloud

Hi Nextcloud Team, Summary: An attacker can devise a XML request to list all the methods that are enabled on the server. Replace Get with POST request and add method call in the request. To reproduce the vulnerability you need to use Firefox browser and Burpsuite Open:...

AI score: 7.1, Exploits: 0

OPENSUSE Linux
added 2018/12/07 12:19 p.m., 41 views

Security update for nextcloud (moderate)

This update for nextcloud fixes security issues and bugs. Security issues fixed: - CVE-2018-3780: Stored XSS in autocomplete suggestions for file comments boo1114817 This update also contains all bug fixes and improvements in the 13.0.8 version, including: - Password expiration time changed from...

CVSS: 3.5, AI score: 2.3, EPSS: 0.00769, Exploits: 0, References: 1

OPENSUSE Linux
added 2018/12/07 12:13 p.m., 40 views

Security update for nextcloud (moderate)

This update for nextcloud fixes security issues and bugs. Security issues fixed: - CVE-2018-3780: Stored XSS in autocomplete suggestions for file comments boo1114817 This update also contains all bug fixes and improvements in the 13.0.8 version, including: - Password expiration time changed from...

CVSS: 3.5, AI score: 2.3, EPSS: 0.00769, Exploits: 0, References: 1

Tenable Nessus
added 2018/12/07 12:0 a.m., 25 views

openSUSE Security Update : nextcloud (openSUSE-2018-1487)

This update for nextcloud fixes security issues and bugs. Security issues fixed : - CVE-2018-3780: Stored XSS in autocomplete suggestions for file comments boo1114817 This update also contains all bug fixes and improvements in the 13.0.8 version, including : - Password expiration time changed fro...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00769, Exploits: 0, References: 2

Hacker One
added 2018/12/06 7:2 p.m., 42 views

Nextcloud: Github wikis are editable by anyone

Github wikis on the following projects https://github.com/nextcloud/fulltextsearch https://github.com/nextcloud/nextcloudpi https://github.com/nextcloud/spreed https://github.com/nextcloud/ocsms https://github.com/nextcloud/nextcloud-snap https://github.com/nextcloud/passman can be edited by any...

AI score: 7.2, Exploits: 0

Hacker One
added 2018/11/29 9:50 p.m., 64 views

Nextcloud: Expired reshare links allow access to all files in share

After a reshared subfolder link has expired, the link allows access to the full folder. I found the problem in Nextcloud 14.0.3, but it still persists in 14.0.4. Steps: 1. share folder "A" with a nextcloud group 2. reshare a subfolder "B" of this folder with another user on this group in this cas...

CVSS: 5.5, AI score: 1.3, EPSS: 0.01036, Exploits: 1