4993 matches found
Nextcloud: Gallery: No feedback for invalid password
CVSS ---- Low 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Description ----------- The Gallery plugin does not inform a user when password-protecting a file failed in combination with the Password Policy plugin. Because of this, files that the user will rightfully assume to be...
Nextcloud: Talk / spreed: Disclosure of Room names and participants for password protected rooms
CVSS ---- 5.3 Medium CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS isn't always as fine-grained as I'd like; personally, I would rate the issue somewhere between low and medium Description ----------- The API of the official spreed/talk extension reveals potentially sensitive information such...
Nextcloud: Server-Side request forgery in New-Subscription feature of the calendar app
CVSS ---- 8.5 High CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N Description ----------- The "New Subscription" functionality of the official Calendar app allows authenticated users to direct the server to perform arbitrary external requests, and then displays the full response to the user. The...
MGASA-2018-0394 Updated nextcloud packages fix security vulnerability
Nextcloud has been updated to 13.0.6 and fixes at least the following security issue: A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could...
Updated nextcloud packages fix security vulnerability
Nextcloud has been updated to 13.0.6 and fixes at least the following security issue: A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could...
Security update for nextcloud (moderate)
This update for nextcloud to version 13.0.5 fixes the following issues: Security issues fixed: - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...
Nextcloud: Information Exposure Through Directory Listing - https://apps.nextcloud.com/static/
Hi Security Team, Url : https://apps.nextcloud.com/static/assets/ Dork : site:nextcloud.com intitle:index.of Hello I am Ismail Tasdelen. I was testing directory security and I saw many directories open. Thanks Impact A directory listing is inappropriately exposed, yielding potentially sensitive...
openSUSE Security Update : nextcloud (openSUSE-2018-936)
This update for nextcloud to version 13.0.5 fixes the following issues : Security issues fixed : - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2018:2521-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for nextcloud (moderate)
This update for nextcloud to version 13.0.5 fixes the following issues: Security issues fixed: - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...
Security update for nextcloud (moderate)
This update for nextcloud to version 13.0.5 fixes the following issues: Security issues fixed: - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...
Nextcloud Server 'JSON Encoder' Security Bypass Vulnerability
Nextcloud Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server 'Autocomplete field' Stored XSS Vulnerability (NC-SA-2018-008)
Nextcloud Server is prone to a stored cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server Security Bypass Vulnerability (Aug 2018)
Nextcloud Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
NextCloud Talk Cross-Site Scripting Vulnerability
NextCloud Talk is a local video conferencing and online chat solution from NextCloud Germany. The product supports video conferencing, online chat and online voice. A cross-site scripting vulnerability exists in versions prior to NextCloud Talk 3.2.5, which stems from the program failing to...
NextCloud Server Cross-Site Scripting Vulnerability (CNVD-2018-17647)
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. A cross-site scripting vulnerability exists in versions of NextCloud Server prior to 13.0.5, which stems from the...
CVE-2018-3781
A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
CVE-2018-3781
A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
CVE-2018-3780
A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
Cross site scripting
A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...