4993 matches found
Nextcloud: Share recipient can modify a share's expiration date
Vulnerable URL http://server/nextcloud/ocs/v2.php/apps/filessharing/api/v1/shares/share ID number Summary Nextcloud users can set expiration dates on documents they share with others. However, the function to update a share does not appear to properly validate the requester is the owner when...
Event details leaked when sharing a non-public calendar event (NC-SA-2020-013)
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event...
Nextcloud: Event privacy level does not work in Thunderbird
Events in shared calendar with changed privacy level to any other than public are shown in Thunderbird as public anyway with all details How to reproduce: 1 - create an event in user A's calendar shared to user B 2 - change privacy setting of this event to any other than public 3 - open Thunderbi...
Nextcloud Server Access Control Error Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. An Access Control Error vulnerability exists in Nextcloud Server versions prior to 14.0.0, 13.0.6, and 12.0.11, which c...
Nextcloud Server Improper Access Control Checking Vulnerability
Nextcloud is a set of client-server software for creating file hosting services and using them. An improper access control checking vulnerability exists in versions of Nextcloud Server prior to 14.0.0, which can be exploited by an unauthenticated, remote attacker via the publicpreview.php functio...
Nextcloud Server Session Fixation Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. A session fixation vulnerability exists in Nextcloud Server versions prior to 14.0.0, 13.0.3, and 12.0.8, which can be...
Nextcloud Server Privilege Authentication Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform.Nextcloud Server is one of the server version. A privilege authentication vulnerability exists in versions of Nextcloud Server prior to 14.0.0, which can be exploited by an attacker t...
Nextcloud Server Privilege Authentication Vulnerability (CNVD-2019-18774)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform.Nextcloud Server is one of the server version. A privilege validation vulnerability exists in versions of Nextcloud Server prior to 14.0.0 that can be exploited by an attacker to bypa...
Nextcloud Server < 14.0.0 Multiple Vulnerabilities (NC-SA-2018-011, NC-SA-2018-012, NC-SA-2018-014) - Windows
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Nextcloud Server < 14.0.0, < 13.0.3, < 12.0.8 Session fixation on public share page (NC-SA-2018-013) - Linux
Nextcloud Server is prone to a session fixation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Nextcloud Server < 14.0.0, < 13.0.6, < 12.0.11 Improper validation of permissions (NC-SA-2018-010) - Linux
Nextcloud Server is prone to an improper access restriction vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Nextcloud Server < 14.0.0, < 13.0.6, < 12.0.11 Improper validation of permissions (NC-SA-2018-010) - Windows
Nextcloud Server is prone to an improper access restriction vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Nextcloud Server < 14.0.0 Multiple Vulnerabilities (NC-SA-2018-011, NC-SA-2018-012, NC-SA-2018-014) - Linux
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Nextcloud Server < 14.0.0, < 13.0.3, < 12.0.8 Session fixation on public share page (NC-SA-2018-013) - Windows
Nextcloud Server is prone to a session fixation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Default credentials
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...
CVE-2018-16465
Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load...
CVE-2018-16466
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens...
CVE-2018-16463
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares...
CVE-2018-16467
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...
Session fixation
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares...