
4993 matches found

Prion
added 2018/10/30 9:29 p.m., 22 views

Input validation

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 leads to not accepting access restrictions by access tokens...

CVSS 5.5, AI score 8, EPSS 0.00957
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2018/10/30 9:29 p.m., 16 views

CVE-2018-16463

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares...

CVSS 3.1, AI score 6.8
Exploits: 0, References: 2

NVD
added 2018/10/30 9:29 p.m., 23 views

CVE-2018-16464

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password...

CVSS 5.7, AI score 5.6, EPSS 0.00891
Exploits: 0, References: 2

Prion
added 2018/10/30 9:29 p.m., 17 views

Default credentials

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password...

CVSS 3.5, AI score 5.7, EPSS 0.00891
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2018/10/30 9:29 p.m., 22 views

Design/Logic Flaw

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load...

CVSS 4.3, AI score 5.2, EPSS 0.00811
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2018/10/30 9:29 p.m., 24 views

CVE-2018-16465

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load...

CVSS 5.3, AI score 6.6
Exploits: 0, References: 2

OSV
added 2018/10/30 9:29 p.m., 20 views

CVE-2018-16464

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password...

CVSS 5.7, AI score 6.8
Exploits: 0, References: 2

OSV
added 2018/10/30 9:29 p.m., 28 views

CVE-2018-16466

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 leads to not accepting access restrictions by access tokens...

CVSS 8.1, AI score 6.7
Exploits: 0, References: 2

OSV
added 2018/10/30 9:29 p.m., 21 views

CVE-2018-16467

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...

CVSS 5.3, AI score 6.8
Exploits: 0, References: 2

Cvelist
added 2018/10/30 9:0 p.m., 25 views

CVE-2018-16466

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 leads to not accepting access restrictions by access tokens...

AI score 8, EPSS 0.00957
Exploits: 0, References: 2

Cvelist
added 2018/10/30 9:0 p.m., 23 views

CVE-2018-16465

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load...

AI score 5.3, EPSS 0.00811
Exploits: 0, References: 2

CVE
added 2018/10/30 9:0 p.m., 51 views

CVE-2018-16465

Nextcloud Server is affected when used with versions prior to 14.0.0. The issue is a missing state that would have enforced a second factor at login if the 2FA provider failed to load, effectively allowing a 2FA bypass under certain conditions. This vulnerability is described in advisories NC-SA-...

CVSS 5.3, AI score 5.1, EPSS 0.00811
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2018/10/30 9:0 p.m., 58 views

CVE-2018-16463

CVE-2018-16463 describes a session-fixation bug in Nextcloud Server, affecting versions prior to 14.0.0, 13.0.3, and 12.0.8, which could allow an attacker to access password-protected shares. Core details provided indicate a vulnerability in Nextcloud Server’s session handling, with the public Ne...

CVSS 3.6, AI score 3.9, EPSS 0.00545
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2018/10/30 9:0 p.m., 57 views

CVE-2018-16466

CVE-2018-16466 affects Nextcloud Server prior to 14.0.0, 13.0.6, and 12.0.11. The root cause is improper revalidation of permissions, which can cause access restrictions to be bypassed via access tokens. The issue is documented in NC-SA-2018-010 (vendor fix). Affected versions include Nextcloud S...

CVSS 8.1, AI score 7.9, EPSS 0.00957
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2018/10/30 9:0 p.m., 25 views

CVE-2018-16463

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares...

AI score 3.8, EPSS 0.00545
Exploits: 0, References: 2

Cvelist
added 2018/10/30 9:0 p.m., 25 views

CVE-2018-16464

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password...

AI score 5.5, EPSS 0.00891
Exploits: 0, References: 2

Cvelist
added 2018/10/30 9:0 p.m., 24 views

CVE-2018-16467

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...

AI score 5.4, EPSS 0.01068
Exploits: 1, References: 2

CVE
added 2018/10/30 9:0 p.m., 51 views

CVE-2018-16464

CVE-2018-16464 affects Nextcloud Server prior to 14.0.0. A missing access check could allow continued access to password-protected link shares after the owner changes the password, enabling unauthorized access to shared resources. Remediation: upgrade to Nextcloud Server 14.0.0 or apply vendor ad...

CVSS 5.7, AI score 5.5, EPSS 0.00891
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2018/10/30 9:0 p.m., 61 views

CVE-2018-16467

CVE-2018-16467 (Nextcloud Server before 14.0.0) is an improper access‑control vulnerability enabling unauthenticated attackers to bypass password protection for previews of single-file shares via the vulnerable publicpreview.php endpoint. The issue can disclose previews (notably image files) with...

CVSS 5.3, AI score 5.2, EPSS 0.01068
Exploits: 1, References: 2, Affected Software: 1

Hacker One
added 2018/10/27 7:33 p.m., 19 views

Nextcloud: https://help.nextcloud.com::: Web cache poisoning attack

Hi there, I just found the website: https://help.nextcloud.com is infected with "Web cache poisoning". Abuse this bug, Attacker can: 1. Poison your cache with HTTP header with XSS included. This attack may lead to Stored XSS 2. Poison your website contains malware url cache poisoned by attacker,...

AI score 6.1
Exploits: 0