Lucene search
K

5044 matches found

Hacker One
Hacker One
added 2016/06/17 12:33 p.m.18 views

Nextcloud: Content Spoofing

Hi i got content spoofing vulnerability . Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. POC Link :- https://nextcloud.com/.htacess%20THIS%20IS%20CONTENT%20SPOOFING...

0.7AI score
Exploits0
Hacker One
Hacker One
added 2016/06/17 11:35 a.m.37 views

Nextcloud: Stored XSS on Share-popup of a directory's Gallery-view

Hi, Nice with the program launch! Congrats! I noticed that there was a Share-icon when toggling to the Gallery-view of a directory under "Nextcloud Files": F99938 If your directory has a malicious name such as a HTML-payload: , this HTML will run when clicking on the Share-icon: F99937 I see that...

3.5CVSS0.1AI score0.01373EPSS
Exploits1
Hacker One
Hacker One
added 2016/06/17 11:15 a.m.28 views

Nextcloud: nextcloud.com: Content Injection Custom 404 Error

Hello Team , Request: if u think the reported issues have acceptable risk and u r not going to make changes then kindly request to mark as Informative . Description : This report is about how an attacker is able to spoof the content of 404 page and can add thr own Text in way that the Current...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2016/06/17 10:48 a.m.25 views

Nextcloud: Possible RCE

Hello, I just quickly took a glance, I am not entirely sure or didn't get a chance to test it but it seems there are some serious bugs. In /apps/userldap/ajax/wizard.php: php 36: $action = string$POST'action'; and it is called in multiple places. including line 83 & 99. one being $action$loginNam...

0.6AI score
Exploits0
Rows per page
Query Builder