23 matches found
EUVD-2021-27712
Malicious code in bioql PyPI...
Code injection
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in...
CVE-2023-48305 Nextcloud Server user_ldap app logs user passwords in the log file on level debug
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in...
CVE-2023-48305 Nextcloud Server user_ldap app logs user passwords in the log file on level debug
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in...
user_ldap app logs user passwords in the log file on level debug
None...
Nextcloud Security Breach
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server, Nextcloud Enterprise Server versions prior to 25.0.11, 26.0.6, and 27.1.0, which stems from a user_ldap...
CVE-2021-40537
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation...
CVE-2021-40537
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation...
Server side request forgery (SSRF)
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation...
CVE-2021-40537
CVE-2021-40537 concerns a Server Side Request Forgery (SSRF) in the owncloud/user_ldap extension prior to version 0.15.4. The vulnerability stems from the user_ldap app settings and is exploitable only by users with Administration privileges. Affected component: ownCloud with the user_ldap app; r...
CVE-2021-40537
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation...
Server Side Request Forgery (SSRF) through user_ldap app - ownCloud
Server Side Request Forgery (SSRF) vulnerability in the settings of the user_ldap app. Administration role is necessary for exploitation...
Nextcloud: Possible RCE
Hello, I just quickly took a glance, I am not entirely sure or didn't get a chance to test it but it seems there are some serious bugs. In /apps/user_ldap/ajax/wizard.php: php 36: $action = (string)$_POST['action']; and it is called in multiple places, including lines 83 & 99, one being $action$loginNam...
CVE-2014-9043
The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind...
Authentication flaw
The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind...
Login bypass when using user_ldap due to unauthenticated binds - ownCloud
"user_ldap" (in the web-interface called "LDAP user and group backend") is an optional authentication backend for ownCloud for using LDAP users and groups within the ownCloud web application. The ownCloud team has discovered a vulnerability within the "user_ldap" application which, depending on the...
Server: Login bypass when using user_ldap due to unauthenticated binds
"user_ldap" (in the web-interface called "LDAP user and group backend") is an optional authentication backend for ownCloud for using LDAP users and groups within the ownCloud web application. The ownCloud team has discovered a vulnerability within the "user_ldap" application which, depending on the...
Multiple CSRF vulnerabilities - ownCloud
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions allow remote attackers to hijack the authentication for users via the “lat” and “lng” POST parameters to guesstimezone.php in /apps/calendar/ajax/settings/ CVE-2013-0299 Commits:...
CVE-2012-5665
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file...
Arbitrary file deletion
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file...