Lucene search
K

4993 matches found

Hacker One
Hacker One
added 2018/11/20 5:7 a.m.51 views

Nextcloud: Share recipient can modify a share's expiration date

Vulnerable URL http://server/nextcloud/ocs/v2.php/apps/filessharing/api/v1/shares/share ID number Summary Nextcloud users can set expiration dates on documents they share with others. However, the function to update a share does not appear to properly validate the requester is the owner when...

4CVSS4.8AI score0.00684EPSS
Exploits1
Nextcloud
Nextcloud
added 2018/11/15 12:0 a.m.25 views

Event details leaked when sharing a non-public calendar event (NC-SA-2020-013)

Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event...

4CVSS2.1AI score0.00714EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2018/11/13 11:4 a.m.34 views

Nextcloud: Event privacy level does not work in Thunderbird

Events in shared calendar with changed privacy level to any other than public are shown in Thunderbird as public anyway with all details How to reproduce: 1 - create an event in user A's calendar shared to user B 2 - change privacy setting of this event to any other than public 3 - open Thunderbi...

4CVSS0.9AI score0.00714EPSS
Exploits0
CNVD
CNVD
added 2018/11/02 12:0 a.m.1 views

Nextcloud Server Access Control Error Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. An Access Control Error vulnerability exists in Nextcloud Server versions prior to 14.0.0, 13.0.6, and 12.0.11, which c...

8.1CVSS6.8AI score0.00957EPSS
Exploits0References1
CNVD
CNVD
added 2018/11/02 12:0 a.m.1 views

Nextcloud Server Improper Access Control Checking Vulnerability

Nextcloud is a set of client-server software for creating file hosting services and using them. An improper access control checking vulnerability exists in versions of Nextcloud Server prior to 14.0.0, which can be exploited by an unauthenticated, remote attacker via the publicpreview.php functio...

5.3CVSS7.1AI score0.01068EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/02 12:0 a.m.3 views

Nextcloud Server Session Fixation Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. A session fixation vulnerability exists in Nextcloud Server versions prior to 14.0.0, 13.0.3, and 12.0.8, which can be...

3.6CVSS4.5AI score0.00545EPSS
Exploits0References1
CNVD
CNVD
added 2018/11/02 12:0 a.m.2 views

Nextcloud Server Privilege Authentication Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform.Nextcloud Server is one of the server version. A privilege authentication vulnerability exists in versions of Nextcloud Server prior to 14.0.0, which can be exploited by an attacker t...

5.7CVSS7.3AI score0.00891EPSS
Exploits0References1
CNVD
CNVD
added 2018/11/02 12:0 a.m.20 views

Nextcloud Server Privilege Authentication Vulnerability (CNVD-2019-18774)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform.Nextcloud Server is one of the server version. A privilege validation vulnerability exists in versions of Nextcloud Server prior to 14.0.0 that can be exploited by an attacker to bypa...

5.3CVSS6.9AI score0.00811EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/11/01 12:0 a.m.30 views

Nextcloud Server < 14.0.0 Multiple Vulnerabilities (NC-SA-2018-011, NC-SA-2018-012, NC-SA-2018-014) - Windows

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

5.7CVSS5.3AI score0.01068EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2018/11/01 12:0 a.m.20 views

Nextcloud Server < 14.0.0, < 13.0.3, < 12.0.8 Session fixation on public share page (NC-SA-2018-013) - Linux

Nextcloud Server is prone to a session fixation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

3.6CVSS3.7AI score0.00545EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/11/01 12:0 a.m.21 views

Nextcloud Server < 14.0.0, < 13.0.6, < 12.0.11 Improper validation of permissions (NC-SA-2018-010) - Linux

Nextcloud Server is prone to an improper access restriction vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

8.1CVSS8.1AI score0.00957EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/11/01 12:0 a.m.31 views

Nextcloud Server < 14.0.0, < 13.0.6, < 12.0.11 Improper validation of permissions (NC-SA-2018-010) - Windows

Nextcloud Server is prone to an improper access restriction vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

8.1CVSS8.1AI score0.00957EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/11/01 12:0 a.m.27 views

Nextcloud Server < 14.0.0 Multiple Vulnerabilities (NC-SA-2018-011, NC-SA-2018-012, NC-SA-2018-014) - Linux

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

5.7CVSS5.3AI score0.01068EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2018/11/01 12:0 a.m.28 views

Nextcloud Server < 14.0.0, < 13.0.3, < 12.0.8 Session fixation on public share page (NC-SA-2018-013) - Windows

Nextcloud Server is prone to a session fixation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

3.6CVSS3.7AI score0.00545EPSS
Exploits0References2
Prion
Prion
added 2018/10/30 9:29 p.m.24 views

Default credentials

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...

5CVSS5.3AI score0.01068EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2018/10/30 9:29 p.m.20 views

CVE-2018-16465

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load...

5.3CVSS5.2AI score0.00811EPSS
Exploits0References2
NVD
NVD
added 2018/10/30 9:29 p.m.23 views

CVE-2018-16466

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens...

8.1CVSS8AI score0.00957EPSS
Exploits0References2
NVD
NVD
added 2018/10/30 9:29 p.m.25 views

CVE-2018-16463

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares...

3.6CVSS3.9AI score0.00545EPSS
Exploits0References2
NVD
NVD
added 2018/10/30 9:29 p.m.17 views

CVE-2018-16467

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...

5.3CVSS5.3AI score0.01068EPSS
Exploits1References2
Prion
Prion
added 2018/10/30 9:29 p.m.15 views

Session fixation

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares...

3.6CVSS4.2AI score0.00545EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder