4993 matches found
MGASA-2018-0226 Updated nextcloud packages fix security vulnerabilities and update version
Mageia 6 brings Nextcloud 11, which is not supported anymore upstream. This update brings version 12 with several security fixes. The database system is now in a separate package, so you will have to choose manually the one you are using...
Updated nextcloud packages fix security vulnerabilities and update version
Mageia 6 brings Nextcloud 11, which is not supported anymore upstream. This update brings version 12 with several security fixes. The database system is now in a separate package, so you will have to choose manually the one you are using...
Nextcloud: Banner Grabbing - Apache Server Version Disclosure
I have found a little information disclosure on your system. Banner Grabbing is a technique used to gain information about a remote server. Additionally, this technique is use to get information about remote servers. I've captured the HTTP request while visiting...
Nextcloud: Click Jacking Nextcloud
Hello Security, Clickjacking User Interface redress attack, UI redress attack, UI redressing is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking contro...
Nextcloud Server Authorization Bypass Vulnerability (May 2018) - Windows
Nextcloud Server is prone to authorization bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server Authorization Bypass Vulnerability (May 2018) - Linux
Nextcloud Server is prone to authorization bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud: OAuth2 Access Token and App Password Security Vulnerability
The OAuth2 endpoint of the Nextcloud server was not following RFC6749. The server did not perform required verification of provided data. And the server did not properly rotate and expire access tokens. In case of a compromised OAuth client this could lead to unauthorized access. After working...
openSUSE Security Update : nextcloud (openSUSE-2018-384)
This update for nextcloud fixes the following issues : Security issue fixed : - CVE-2017-0936: Nextcloud Server before 11.0.7 suffers from an Authorization Bypass Through User-Controlled Key vulnerability boo1087402. Bug fixes : - See online release notes for all relevant changes...
Nextcloud: Bruteforce in admin panel
Hello there, Admin panel of your website https://nextcloud.com/wp-login.php is vulnerable to bruteforce attacks as their is no rate-limiting. Impact Can gain access to admin panel. To fix this, Just add rate limiting...
The vulnerability of the cloud platform NextCloud in the operating system OpenSUSE Leap allows a hacker to gain root privileges.
The vulnerability of the cloud platform NextCloud in the operating system OpenSUSE Leap is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain root privileges during package updates using scripts located in the...
Nextcloud Server Design Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Server is a server version of it. A security vulnerability exists in Nextcloud Server versions prior to 11.0.7 and prior to 12.0.5. An attacker coul...
Nextcloud: Extremly simple way to bypass Nextcloud-Client PIN/Fingerprint lock
I'm sorry for my bad English, I'm German How to reproduce this security bug. Step 1: Take a normal Android smartphone maybe it also works on iOS, but I have not tested it yet. Step 2: Install the official nextcloud-client. Step 3: Set up nextcloud: Open the nextcloud app, tap on "Skip", enter the...
Authorization
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...
CVE-2017-0936
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...
CVE-2017-0936
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...
CVE-2017-0936
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...
CVE-2017-0936
CVE-2017-0936 affects Nextcloud Server prior to 11.0.7 and 12.0.5, where an Authorization Bypass Through User-Controlled Key vulnerability exists due to a missing ownership check. This allows logged-in users to change the scope of app passwords for other users. The app passwords themselves are no...
Micro Focus openSUSE NextCloud Elevation of Privilege Vulnerability
Micro Focus openSUSE is a Linux-based free operating system from Micro Focus in the U.K. NextCloud is a private cloud building software used in it. A security vulnerability exists in NextCloud in Micro Focus openSUSE, which stems from the program failing to securely use /srv/www/htdocs. During a...
CVE-2017-9286
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...
CVE-2017-9286
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...