
4993 matches found

Hacker One
added 2017/06/28 7:13 p.m. | 42 views

Nextcloud: Password of failed (2FA) login attempt is stored in log

If I try to log in on Webdav with my usual Nextcloud password, it doesn't work due to 2FA. I need an application password. The password of a failed login attempt by any user is stored plain text in the log: ...OCA\\DAV\\Connector\\Sabre\\Auth-validateUserPass'matthes', 'THEPASSWORD'... Even...

AI score: 0.1
Exploits: 0

Hacker One
added 2017/06/23 8:0 p.m. | 18 views

Nextcloud: Android content provider exposes password-protected share password hashes

Summary Nextcloud Android client v1.4.3 has a globally available content provider which exposes the bcrypt password hashes for password protected shared files and folders. Description Android apps can use a content provider to handle storage and retrieval of data. Content providers that are...

AI score: 0.1
Exploits: 0

Hacker One
added 2017/06/07 11:28 p.m. | 220 views

Nextcloud: ci.nextcloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)

Hello Team NextCloud, In reference report 217381 I've reported the DDOS attack via DNS Port at OwnCloud.. And it was successfully patched. But now same issue I got at ci.nextcloud.com Proof Of Concept: Here it is the nmap result of ci.nextcloud.com NMap Scan Results: Starting Nmap 7.40...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.91284
Exploits: 12

Hacker One
added 2017/06/06 12:48 p.m. | 15 views

Nextcloud: Unauthenticated 'display name' information leak on enumeration of login names

I reported this last week through email, but I didn't receive any response so that is why I report this once more. - This is probably not considered as a real security vulnerability, but my customers would like to see this fixed, therefore I report it. Problem: It is possible to get a users...

AI score: 1.9
Exploits: 0

Hacker One
added 2017/06/06 9:17 a.m. | 37 views

Nextcloud: Session fixation in password protected public download.

Public downloads protected with a password are vulnerable to a session fixation attack. This finding was discovered during a penetration test of NextCloud version 10.0.2.7. 1 Pre-provision a victim with the attacker controlled cookie values: Firefox cookie manager: www.clouddrive.example FALSE %2...

CVSS: 3.6 | AI score: 3.9 | EPSS: 0.00545
Exploits: 0

OpenVAS
added 2017/05/30 12:0 a.m. | 26 views

Nextcloud Multiple XSS Vulnerabilities - Linux

Nextcloud is prone to multiple XSS vulnerabilities SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver";...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00643
Exploits: 1 | References: 4

OpenVAS
added 2017/05/30 12:0 a.m. | 25 views

Nextcloud Multiple Vulnerabilities-01 (May 2017) - Linux

Nextcloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver";...

CVSS: 5.4 | AI score: 4.5 | EPSS: 0.01169
Exploits: 0 | References: 6

OpenVAS
added 2017/05/30 12:0 a.m. | 19 views

Nextcloud 'Calender and Addressbook' Information Disclosure Vulnerability - Linux

Nextcloud is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 3.5 | AI score: 3.6 | EPSS: 0.00724
Exploits: 0 | References: 2

Hacker One
added 2017/05/27 1:58 a.m. | 34 views

Nextcloud: [FG-VD-17-063] NextCloud Insufficient Attack Protection Vulnerability Notification

Subject: FG-VD-17-063 NextCloud Insufficient Attack Protection Vulnerability Notification ------- Vulnerability Notification May 26, 2017 Tracking Case : FG-VD-17-063 Dear NextCloud, The following information pertains to information discovered by Fortinet's FortiGuard Labs. It has been determined...

CVSS: 5 | AI score: 4.9 | EPSS: 0.01263
Exploits: 0

Hacker One
added 2017/05/25 7:19 p.m. | 95 views

Nextcloud: Shared file link - password protection bypass under certain conditions

Summary An unauthenticated remote attacker can bypass password protection on certain shared file types through the file sharing app's publicpreview.php function. Vulnerable URL http://server/nextcloud/index.php/apps/filessharing/ajax/publicpreview.php?x=width&y=height&t=share ID Description...

CVSS: 5 | AI score: 0.5 | EPSS: 0.01068
Exploits: 1

Hacker One
added 2017/05/24 7:29 p.m. | 20 views

Nextcloud: HTML injection and limited XSS via logo image upload - Nextcloud 12.0.0

Summary The logo image upload function in Nextcloud Server v12.0.0 does not validate the uploaded file, leading to XSS in certain circumstances. Vulnerable URLs Replace server with the IP address or hostname of your Nextcloud server. File upload -...

AI score: 6.1
Exploits: 0

CNVD
added 2017/05/24 12:0 a.m. | 2 views

Nextcloud Unauthorized Access Vulnerability

Nextcloud is a suite of open source self-hosted file synchronization and sharing communication application platform. An unauthorized access vulnerability exists in Nextcloud. An attacker could use this vulnerability to bypass certain security restrictions and obtain sensitive information, leading...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.01624
Exploits: 1 | References: 1

Hacker One
added 2017/05/20 9:9 p.m. | 83 views

Nextcloud: IDOR unsubscribe Anyone from NextClouds Newsletters by knowing their Email

Hi Team, I Was Looking around your website and then I found a subdomain newsletter.nextcloud.com on the main page it shows us 3 Options i choose 1st that was Subscribe to our newsletter , Then I click on this Option and I was Taken to https://newsletter.nextcloud.com/?p=subscribe&id=1 The page...

AI score: 7
Exploits: 0

Hacker One
added 2017/05/18 11:42 a.m. | 40 views

Nextcloud: Email Spoofing Vulnerability from nextcloud.

Hi nextcloud, Here is Shaifullah Shaon BlackEyE, An Ethical Hacker. a white hat cyber security researcher from Bangladesh reporting a serious 3'rd ranking in OWASP security vulnerability on your system. There is an Email Spoofing Vulnerability from nextcloud. Steps to reproduce: 1 Go to...

AI score: 7.1
Exploits: 0

Hacker One
added 2017/05/17 12:40 p.m. | 39 views

Nextcloud: RTLO character allowed in shared files

SUMMARY: Hello, I have noticed that you do not properly strip the RTLO (right-to-left override) character in the sharing page of the file, thus allowing someone to mask the real extension of a file and if the user downloads, then opens the file something may be executed on his machine...

AI score: 6.9
Exploits: 0

Hacker One
added 2017/05/16 1:42 p.m. | 28 views

Nextcloud: (Authenticated) RCE by bypassing of the .htaccess blacklist

Storage::copyFromStorage doesn't check the content of a folder it copies against the list of blacklisted files. Meaning that if a user has access to an external storage inc. fed. shares that contains a .htaccess file, he can move the .htaccess file to the local data directory. The attack works on...

AI score: 0.2
Exploits: 0

Packet Storm
added 2017/05/16 12:0 a.m. | 67 views

NextCloud / OwnCloud Cross Site Scripting

Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages. Information: Name:...

AI score: 5.5 | EPSS: 0.00643
Exploits: 1

CNVD
added 2017/05/10 12:0 a.m. | 2 views

Nextcloud Server Authentication Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Server is one of the server versions. An authentication vulnerability exists in versions of Nextcloud Server prior to 11.0.3 due to the program failing to...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.00985
Exploits: 0 | References: 1

CNVD
added 2017/05/10 12:0 a.m. | 3 views

Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2017-06334)

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Server is one of the server versions. A cross-site scripting vulnerability exists in versions of Nextcloud Server prior to 11.0.3. This vulnerability allows...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00643
Exploits: 0 | References: 1

CNVD
added 2017/05/10 12:0 a.m. | 3 views

Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2017-06335)

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Server is one of the server versions. A cross-site scripting vulnerability exists in several components of Nextcloud Server. This vulnerability could be...

CVSS: 5.4 | AI score: 6.2 | EPSS: 0.00739
Exploits: 0 | References: 1