Skip to content

Latest commit

 

History

History
307 lines (303 loc) · 38.1 KB

TOPNEXTCLOUD.md

File metadata and controls

307 lines (303 loc) · 38.1 KB
Raw

Back

Top reports from Nextcloud program at HackerOne:

  1. Code injection possible with malformed Nextcloud Talk chat commands to Nextcloud - 310 upvotes, $3000
  2. User can delete data in shared folders he's not autorized to access to Nextcloud - 164 upvotes, $250
  3. Access to all files of remote user through shared file to Nextcloud - 146 upvotes, $750
  4. Missing ownership check on remote wipe endpoint to Nextcloud - 122 upvotes, $500
  5. Remote Code Execution via Extract App Plugin to Nextcloud - 120 upvotes, $0
  6. Re-Sharing allows increase of privileges to Nextcloud - 89 upvotes, $750
  7. No rate limiting for confirmation email lead to huge Mass mailings to Nextcloud - 73 upvotes, $0
  8. Arbitrary SQL command injection to Nextcloud - 71 upvotes, $500
  9. File-drop content is visible through the gallery app to Nextcloud - 66 upvotes, $500
  10. Arbitrary code execution in desktop client via OpenSSL config to Nextcloud - 59 upvotes, $100
  11. Arbitrary code execution in desktop client via OpenSSL config to Nextcloud - 59 upvotes, $100
  12. Extremly simple way to bypass Nextcloud-Client PIN/Fingerprint lock to Nextcloud - 54 upvotes, $100
  13. Clear text storage of proxy parameters and passwords to Nextcloud - 53 upvotes, $250
  14. Stored XSS in collabora via user name to Nextcloud - 48 upvotes, $0
  15. Memory Leak in OCUtil.dll library in Desktop client can lead to DoS to Nextcloud - 40 upvotes, $100
  16. Memory Leak in OCUtil.dll library in Desktop client can lead to DoS to Nextcloud - 40 upvotes, $100
  17. [Reflected XSS] In Request URL to Nextcloud - 37 upvotes, $50
  18. Remote code execution via path traversal in Zip extraction in the Extract app to Nextcloud - 37 upvotes, $0
  19. Expired reshare links allow access to all files in share to Nextcloud - 36 upvotes, $400
  20. No session logout after changing password & alsoandroid sessions not shown in sessions list so they can be deleted to Nextcloud - 35 upvotes, $50
  21. http://www.nextcloud.com/wp-includes/js/swfupload/swfupload.swf allows open redirect / site defacement to Nextcloud - 32 upvotes, $0
  22. Cross site scripting - XSRF Token to Nextcloud - 32 upvotes, $0
  23. SQL Injection found in NextCloud Android App Content Provider to Nextcloud - 30 upvotes, $150
  24. Passwords being stored as plain text in logging to Nextcloud - 30 upvotes, $0
  25. Group admins can remove arbitrary data from "data" directory (including admin data) to Nextcloud - 29 upvotes, $150
  26. Group admins can remove arbitrary data from "data" directory (including admin data) to Nextcloud - 29 upvotes, $150
  27. Code injection in macOS Desktop Client to Nextcloud - 27 upvotes, $250
  28. CSRF vulnerability that allows an attacker to modify encryption settings to Nextcloud - 27 upvotes, $0
  29. Reflected XSS in error pages (NC-SA-2017-008) to Nextcloud - 26 upvotes, $450
  30. I am because bug to Nextcloud - 26 upvotes, $0
  31. Persistent XSS via filename in projects to Nextcloud - 23 upvotes, $150
  32. Stored XSS on Share-popup of a directory's Gallery-view to Nextcloud - 22 upvotes, $750
  33. "Secure View" aka "Hide Download" can be bypassed easily to Nextcloud - 20 upvotes, $100
  34. https://help.nextcloud.com::: Web cache poisoning attack to Nextcloud - 20 upvotes, $0
  35. SQLi allow query restriction bypass on exposed FileContentProvider to Nextcloud - 19 upvotes, $100
  36. Gallery: No feedback for invalid password to Nextcloud - 19 upvotes, $50
  37. Log pollution can lead to HTML Injection. to Nextcloud - 18 upvotes, $350
  38. Username and Access Token Disclousure to Nextcloud - 18 upvotes, $250
  39. XSS in PDF Viewer to Nextcloud - 18 upvotes, $100
  40. Server side request forgery (SSRF) on nextcloud implementation. to Nextcloud - 18 upvotes, $0
  41. bypass of 2FA to Nextcloud - 17 upvotes, $750
  42. OAuth2 Access Token and App Password Security Vulnerability to Nextcloud - 17 upvotes, $400
  43. Session fixation in password protected public download. to Nextcloud - 17 upvotes, $50
  44. Reflected XSS / Markup Injection in index.php/svg/core/logo/logo parameter color to Nextcloud - 17 upvotes, $50
  45. DOM XSS vulnerability in search dialogue (NC-SA-2017-007) to Nextcloud - 16 upvotes, $250
  46. User with read-only access to a share can gain write access to sub-folders in the share to Nextcloud - 16 upvotes, $250
  47. Access control issue -- [Allow file system access not validated when using session auth] to Nextcloud - 16 upvotes, $100
  48. Blind Stored XSS on iOS App due to Unsanitized Webview to Nextcloud - 16 upvotes, $100
  49. SSRF protection bypass to Nextcloud - 16 upvotes, $100
  50. XSS in desktop client via invalid server address on login form to Nextcloud - 16 upvotes, $100
  51. Response Header injection using redirect_uri together with PHP that utilizes Header Folding according to RFC1945 and Internet Explorer 11 to Nextcloud - 16 upvotes, $0
  52. IDOR unsubscribe Anyone from NextClouds Newsletters by knowing their Email to Nextcloud - 16 upvotes, $0
  53. Access control missing while viewing the attachments in the "All boards" to Nextcloud - 15 upvotes, $150
  54. Non-admin users can trigger writes to memcached by entering a malicious server as a share URL to Nextcloud - 15 upvotes, $100
  55. Nextcloud domain and name of every user leaked to lookup server to Nextcloud - 14 upvotes, $100
  56. Docker image with FPM is vulnerable to CVE-2019-11043 to Nextcloud - 14 upvotes, $100
  57. Missing server side controls when editing the board’s sharing permissions per user to Nextcloud - 14 upvotes, $100
  58. Nextcloud 10.0 privilege escalation issue - Normal user can mask external storage shared by admin to Nextcloud - 14 upvotes, $50
  59. Unauthenticated Stored xss to Nextcloud - 14 upvotes, $0
  60. Content Spoofing /Text Injection in https://docs.nextcloud.com to Nextcloud - 14 upvotes, $0
  61. Linux client is vulnerable to directory traversal when downloading files to Nextcloud - 13 upvotes, $250
  62. Only the file extensions are checked, not the MIME types as configured to Nextcloud - 13 upvotes, $175
  63. Registered users can change app password permissions for any user to Nextcloud - 13 upvotes, $100
  64. Delete permission can be added on reshare to Nextcloud - 13 upvotes, $100
  65. Authentication Issue to Nextcloud - 13 upvotes, $50
  66. Android - Possible to intercept broadcasts about uploaded files to Nextcloud - 13 upvotes, $0
  67. Design Issues on ( ███ ) Lead to show ( IPS of Users ) to Nextcloud - 13 upvotes, $0
  68. Content Spoofing/Text Injection in https://demo.nextcloud.com to Nextcloud - 13 upvotes, $0
  69. Possible denial of service when entering a loooong password to Nextcloud - 13 upvotes, $0
  70. Combination of content provider allows private data disclosure to Nextcloud - 12 upvotes, $100
  71. Unrestricted file upload on the image of contacts to Nextcloud - 12 upvotes, $100
  72. Remote attacker can impersonate Social users via ActivityPub API to Nextcloud - 12 upvotes, $50
  73. Talk / spreed: Disclosure of Room names and participants for password protected rooms to Nextcloud - 12 upvotes, $50
  74. WordPress <= 4.6.1 Stored XSS Via Theme File to Nextcloud - 12 upvotes, $0
  75. Disclosure of administrators via JSON on nextcloud.com Wordpress to Nextcloud - 12 upvotes, $0
  76. Wordpress 4.7.1 to Nextcloud - 12 upvotes, $0
  77. https://portal.nextcloud.com/.htaccess file is readable to Nextcloud - 12 upvotes, $0
  78. Predictable Random Number Generator to Nextcloud - 12 upvotes, $0
  79. Bypassing lock protection to Nextcloud - 11 upvotes, $50
  80. No Rate Limiting on stats.nextcloud.com login to Nextcloud - 11 upvotes, $0
  81. Content spoofing in lookup.nextcloud.com to Nextcloud - 11 upvotes, $0
  82. https://xmpp.nextcloud.com///;@www.google.com allows open redirect to Nextcloud - 11 upvotes, $0
  83. Exposing debug.log file leads to server full path disclosure to Nextcloud - 11 upvotes, $0
  84. WordPress vulnerable to multiple attacks at https://nextcloud.com to Nextcloud - 11 upvotes, $0
  85. Able to bypass "Device credentials" Lock to Nextcloud - 10 upvotes, $100
  86. Group admin can remove user from all his groups via API to Nextcloud - 10 upvotes, $0
  87. Reflected XSS in U2F plugin by shipping the example endpoints to Nextcloud - 10 upvotes, $0
  88. Invalid request may lead content spoofing for phishing to Nextcloud - 10 upvotes, $0
  89. bug reporting template encourages users to paste config file with passwords to Nextcloud - 10 upvotes, $0
  90. Stored XSS in OAuth redirect URI to Nextcloud - 10 upvotes, $0
  91. In Dockerized Environments, Failing to Read config.php Grants Any Anonymous User Full Admin Access to Nextcloud - 10 upvotes, $0
  92. The password recovery let users know whether an email address exists or not in the website to Nextcloud - 10 upvotes, $0
  93. Self xss to Nextcloud - 10 upvotes, $0
  94. Bypass permissions to Nextcloud - 9 upvotes, $750
  95. Uploading files to a folder where invited user don't have any EDIT privilege to Nextcloud - 9 upvotes, $250
  96. Delete All Data of Any User to Nextcloud - 9 upvotes, $250
  97. Reduced purmations on encryption to Nextcloud - 9 upvotes, $150
  98. [FG-VD-17-063] NextCloud Insufficient Attack Protection Vulnerability Notification to Nextcloud - 9 upvotes, $100
  99. PHPUnit is included in groupfolders release package potentially causing RCE to Nextcloud - 9 upvotes, $100
  100. Possible denial of service when entering a loooong password to Nextcloud - 9 upvotes, $100
  101. Some HTML Tags are Getting Executed in com.nextcloud.client to Nextcloud - 9 upvotes, $50
  102. help.nextcloud Email Address/Username enumeration to Nextcloud - 9 upvotes, $0
  103. Bruteforcing help.nextcloud.com to Nextcloud - 9 upvotes, $0
  104. \OCA\DAV\CardDAV\ImageExportPlugin allows serving arbitrary data with user-defined or empty mimetype to Nextcloud - 9 upvotes, $0
  105. Privilege escalation - Normal user can somehow make admin to delete shared folders to Nextcloud - 9 upvotes, $0
  106. The session token in the URL to Nextcloud - 9 upvotes, $0
  107. User Editable nextcloud Wiki pages of Public Repositories to Nextcloud - 9 upvotes, $0
  108. Allows any user to share their "Root" level folder by sharing "." to Nextcloud - 9 upvotes, $0
  109. XSS in image metadata field to Nextcloud - 9 upvotes, $0
  110. No rate limiting on sinup page to Nextcloud - 9 upvotes, $0
  111. Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file to Nextcloud - 8 upvotes, $250
  112. Server-Side request forgery in New-Subscription feature of the calendar app to Nextcloud - 8 upvotes, $100
  113. Share recipient can modify a share's expiration date to Nextcloud - 8 upvotes, $100
  114. twofactor_auth bypassable if provider fails to load to Nextcloud - 8 upvotes, $50
  115. Uploading large avatar images cause excessive CPU usage to Nextcloud - 8 upvotes, $50
  116. Files Drop: WebDAV endpoint is leaking existence of resources to Nextcloud - 8 upvotes, $0
  117. User Information Disclosure via REST API to Nextcloud - 8 upvotes, $0
  118. Wordpress Vulnerable to Potential Unauthorized Password Reset to Nextcloud - 8 upvotes, $0
  119. Update App Store: Django account high jacking vulnerability to Nextcloud - 8 upvotes, $0
  120. Directory listing is enabled that exposes non public data through multiple path to Nextcloud - 8 upvotes, $0
  121. Password of failed (2FA) login attempt is stored in log to Nextcloud - 8 upvotes, $0
  122. Reflected XSS in Gallery App to Nextcloud - 7 upvotes, $500
  123. Calendar and addressbook names disclosed (NC-SA-2017-012) to Nextcloud - 7 upvotes, $183
  124. Content (Text) Injection at NextCloud Server 9.0.52 - via http://custom_nextcloud_url/remote.php/dav/files/ to Nextcloud - 7 upvotes, $50
  125. Bad content-type in response header when getting document can lead to html injection to Nextcloud - 7 upvotes, $0
  126. Update php-saml library to 2.10.5 to Nextcloud - 7 upvotes, $0
  127. Missing Rate Limit for Current Password field in nextcloud.com to Nextcloud - 7 upvotes, $0
  128. WordPress < 4.8.2 vulnerable to multiple attacks to Nextcloud - 7 upvotes, $0
  129. Github wikis are editable by anyone to Nextcloud - 7 upvotes, $0
  130. Private/confidential setting of calendar events is ignored on activity stream to Nextcloud - 7 upvotes, $0
  131. Wordpress Users Disclosure to Nextcloud - 7 upvotes, $0
  132. Click Jacking Nextcloud to Nextcloud - 7 upvotes, $0
  133. (Authenticated) RCE by bypassing of the .htaccess blacklist to Nextcloud - 7 upvotes, $0
  134. Disabled user can reset their password to Nextcloud - 7 upvotes, $0
  135. File access control rules not enforced on image files to Nextcloud - 6 upvotes, $150
  136. Stored XSS/HTML injection in autocomplete suggestions for sharing to Nextcloud - 6 upvotes, $100
  137. Event privacy level does not work in Thunderbird to Nextcloud - 6 upvotes, $100
  138. Android content provider exposes password-protected share password hashes to Nextcloud - 6 upvotes, $75
  139. Improper protection of FileContentProvider to Nextcloud - 6 upvotes, $50
  140. Expired SSL certificate to Nextcloud - 6 upvotes, $0
  141. Wordpress: Directory Traversal / Denial of Serivce to Nextcloud - 6 upvotes, $0
  142. Directory listening enabled in: 88.198.160.130 to Nextcloud - 6 upvotes, $0
  143. XSS on IOS app via HTML rendering to Nextcloud - 6 upvotes, $0
  144. Email Spoofing Vulnerability from nextcloud. to Nextcloud - 6 upvotes, $0
  145. Content spoofing due to the improper behavior of the 403 page to Nextcloud - 6 upvotes, $0
  146. Email Notification should be get while changing password on apps.nextcloud.com to Nextcloud - 6 upvotes, $0
  147. NextCloud is also Accepting OCTET-STREAM Type of Documents instead of jpg or Imge Files Only to Nextcloud - 6 upvotes, $0
  148. SQL exception in JSON format to Nextcloud - 6 upvotes, $0
  149. xmlrpc.php is enabled - Nextcloud to Nextcloud - 6 upvotes, $0
  150. Missing SPF flags for customerupdates.nextcloud.com to Nextcloud - 6 upvotes, $0
  151. Mail does not verify IMAP/SMTP host connected via TLS to Nextcloud - 6 upvotes, $0
  152. Leaked of Profile Image from URL changing to Nextcloud - 6 upvotes, $0
  153. Share owner has no possibility to list all existing derived shares to Nextcloud - 5 upvotes, $350
  154. Read-only share recipient can restore old versions of file to Nextcloud - 5 upvotes, $300
  155. Limitation of app specific password scope can be bypassed (NC-SA-2017-009) to Nextcloud - 5 upvotes, $300
  156. Talk - Leak of password-protected room name via already existent resource addition to Nextcloud - 5 upvotes, $150
  157. IDOR - Disable sharing to Nextcloud - 5 upvotes, $100
  158. More content spoofing through dir param in the files app to Nextcloud - 5 upvotes, $50
  159. Shared file link - password protection bypass under certain conditions to Nextcloud - 5 upvotes, $50
  160. nextcloud.com: Content Injection Custom 404 Error to Nextcloud - 5 upvotes, $0
  161. Password Reset Link issue to Nextcloud - 5 upvotes, $0
  162. Wordpress Version Disclosure Bug On Nextcloud to Nextcloud - 5 upvotes, $0
  163. URI scheme bypass in mail app lead to HTML content spoof and opener control to Nextcloud - 5 upvotes, $0
  164. Missing SPF Flags on nextcloud.com to Nextcloud - 5 upvotes, $0
  165. Drone Nextcloud to Nextcloud - 5 upvotes, $0
  166. Version 4.7.2 of wordpress is vulnerable to Nextcloud - 5 upvotes, $0
  167. Content Spoofing/Text Injection in nextcloud.com to Nextcloud - 5 upvotes, $0
  168. GIT Detected to Nextcloud - 5 upvotes, $0
  169. Content spoofing due to the improper behavior of the 403 page to Nextcloud - 5 upvotes, $0
  170. Dav sharing permissions issue to Nextcloud - 5 upvotes, $0
  171. Possible RCE to Nextcloud - 5 upvotes, $0
  172. Banner Grabbing - Apache Server Version Disclousure to Nextcloud - 5 upvotes, $0
  173. HTML injection with AutoComplete suggestions to Nextcloud - 5 upvotes, $0
  174. Vulnerable W3 Total Cache plugin version in use on nextcloud.com to Nextcloud - 5 upvotes, $0
  175. Passcode Protection in Android Devices Can be Bypassed. to Nextcloud - 5 upvotes, $0
  176. Missing DNSSEC to Nextcloud - 5 upvotes, $0
  177. HTML injection and limited XSS via logo image upload - Nextcloud 12.0.0 to Nextcloud - 5 upvotes, $0
  178. Email Spoofing to Nextcloud - 5 upvotes, $0
  179. SSRF on local storage of iOS mobile to Nextcloud - 5 upvotes, $0
  180. DOMPurify 0.8.9 released to Nextcloud - 5 upvotes, $0
  181. Filename enumeration && DoS to Nextcloud - 4 upvotes, $250
  182. Content Spoofing in "files" app to Nextcloud - 4 upvotes, $50
  183. nextcloud.com: Directory listening for 'wp-includes' forders to Nextcloud - 4 upvotes, $0
  184. Enumeration of subscribed users and unauthenticated email unsubscriptions on https://newsletter.nextcloud.com/?p=unsubscribe to Nextcloud - 4 upvotes, $0
  185. Email ID Disclosure. to Nextcloud - 4 upvotes, $0
  186. REG: Content provider information leakage to Nextcloud - 4 upvotes, $0
  187. stats.nextcloud.com: Content Injection to Nextcloud - 4 upvotes, $0
  188. help.nextcloud.com: Known DoS condition (null pointer deref) in Nginx running to Nextcloud - 4 upvotes, $0
  189. Bookmarks: Delete all existing bookmarks of a user to Nextcloud - 4 upvotes, $0
  190. Information Disclosure of .htaccess file in Private Server/Subdomain to Nextcloud - 4 upvotes, $0
  191. Content spoofing due to the improper behavior of the 403 page in Private Server to Nextcloud - 4 upvotes, $0
  192. [Thirdparty] Stored XSS in chat module - nextcloud server 9.0.51 installed in ubuntu 14.0.4 LTS to Nextcloud - 4 upvotes, $0
  193. Password reset link remains valid after email change to Nextcloud - 4 upvotes, $0
  194. Stored XSS on new Calling plugin (spreed) to Nextcloud - 4 upvotes, $0
  195. HTTP-Basic Authentication on logs.nextcloud.com to Nextcloud - 4 upvotes, $0
  196. Email Spoofing to Nextcloud - 4 upvotes, $0
  197. Review remote code execution in SwiftMailer to Nextcloud - 4 upvotes, $0
  198. Bypassing quota limit to Nextcloud - 4 upvotes, $0
  199. Clickjacking In https://demo.nextcloud.com to Nextcloud - 4 upvotes, $0
  200. Missing Rate Limiting protection leading to mass triggering of e-mails to Nextcloud - 4 upvotes, $0
  201. Information Exposure Through Directory Listing to Nextcloud - 4 upvotes, $0
  202. Stored XSS on scan.nextcloud.com to Nextcloud - 4 upvotes, $0
  203. Unauthenticated 'display name' information leak on enumeration of login names to Nextcloud - 4 upvotes, $0
  204. potential RCE and XSS via file upload requiring user account and default settings to Nextcloud - 4 upvotes, $0
  205. Full path disclosure vulnerability via Upload .htaccess file to Nextcloud - 4 upvotes, $0
  206. Anonymous file drop page ignores user profile visibility restrictions to Nextcloud - 4 upvotes, $0
  207. Social App does not validate server certificates for outgoing connections to Nextcloud - 4 upvotes, $0
  208. Reflected Self-XSS Vulnerability in the Comment section of Files Information to Nextcloud - 3 upvotes, $100
  209. Vulnerable Javascript library to Nextcloud - 3 upvotes, $0
  210. No captcha on newsletter.nextcloudcom leaves vulnerable to email spammers to Nextcloud - 3 upvotes, $0
  211. Content Spoofing/Text Injection - docs.nextcloud.org to Nextcloud - 3 upvotes, $0
  212. Business/Functional logic bypass: Remove admins from admin group. to Nextcloud - 3 upvotes, $0
  213. Content injection in subdomain to Nextcloud - 3 upvotes, $0
  214. WordPress Vulnerabilities: User Enumeration, Vulnerable Akismet Plugin, XML-RPC Interface available to Nextcloud - 3 upvotes, $0
  215. newsletter.nextcloud.com: Bypass firewall protection to Nextcloud - 3 upvotes, $0
  216. Avatar image upload and bypass real image verification to Nextcloud - 3 upvotes, $0
  217. xss for admin of https://newsletter.nextcloud.com to Nextcloud - 3 upvotes, $0
  218. SSRF at apps.nextcloud.com/developer/apps/releases/new to Nextcloud - 3 upvotes, $0
  219. Information disclosure to Nextcloud - 3 upvotes, $0
  220. Nextcloud Server Remote Command Execution to Nextcloud - 3 upvotes, $0
  221. Banner Grabbing - Apache Server Version Disclosure to Nextcloud - 3 upvotes, $0
  222. Retrieval and alteration of exposed media on Android Oreo to Nextcloud - 3 upvotes, $0
  223. LDAP login possible even though account doesn't match user filter to Nextcloud - 3 upvotes, $0
  224. W3 Total Cache plugin multiple vulnerabilities to Nextcloud - 3 upvotes, $0
  225. SignUp using Fake Email to Nextcloud - 3 upvotes, $0
  226. Veracode and security audit record are publicly available to Nextcloud - 3 upvotes, $0
  227. Persistent XSS on favorite via filename to Nextcloud - 3 upvotes, $0
  228. Missing X-Content-Type-Options to Nextcloud - 3 upvotes, $0
  229. **minor issue ** -Nextcloud 10.0 session issue with desktop client and android client to Nextcloud - 3 upvotes, $0
  230. Contacts menu (not app) fails to restrict (to local groups) for contacts from federated servers to Nextcloud - 3 upvotes, $0
  231. RTLO character allowed in shared files to Nextcloud - 3 upvotes, $0
  232. Recently change email but still login with old email to Nextcloud - 3 upvotes, $0
  233. PIN for passwordless WebAuthn is asked for but not verified to Nextcloud - 3 upvotes, $0
  234. Downgrade encryption scheme and break integrity through known-plaintext attack to Nextcloud - 3 upvotes, $0
  235. Circle email-members have still access to a shared folder/file after they are removed from the circle to Nextcloud - 2 upvotes, $200
  236. Nextcloud server software: Content Spoofing to Nextcloud - 2 upvotes, $50
  237. Missing memory corruption protection on Windows release built to Nextcloud - 2 upvotes, $50
  238. help.nextcloud.com: Session Management Issue to Nextcloud - 2 upvotes, $0
  239. Directory Listing On download.nextcloud.com & Practical Attacks on PGP (Pretty Good Privacy) to Nextcloud - 2 upvotes, $0
  240. https://newsletter.nextcloud.com Directory listening and Information Disclosure to Nextcloud - 2 upvotes, $0
  241. Lost Password CSRF to Nextcloud - 2 upvotes, $0
  242. Content Spoofing to Nextcloud - 2 upvotes, $0
  243. Content Injection 404 page to Nextcloud - 2 upvotes, $0
  244. Content Injection in subdomain to Nextcloud - 2 upvotes, $0
  245. No rate limiting on password protected shared file link to Nextcloud - 2 upvotes, $0
  246. Deny access to download.nextcloud.com + folders to Nextcloud - 2 upvotes, $0
  247. nextcloud.com: Mail Bombing ( No Rate Limiting On Sending Emails On Contact us Page) to Nextcloud - 2 upvotes, $0
  248. Content Injection - apps.nextcloud.com to Nextcloud - 2 upvotes, $0
  249. Content spoofing in cloud.nextcloud.com to Nextcloud - 2 upvotes, $0
  250. Reflected Self-XSS Vulnerability in the Comment section of Files (Different-payloads) to Nextcloud - 2 upvotes, $0
  251. demo.nextcloud.com: Content spoofing due to default Apache Error Page to Nextcloud - 2 upvotes, $0
  252. Arbitrary File Upload in Logo & Log in image Theming setting. to Nextcloud - 2 upvotes, $0
  253. Nextcloud.com is vulnerable to SWEET32 attack to Nextcloud - 2 upvotes, $0
  254. Server version/OS type disclosure via HTTP Response Header to Nextcloud - 2 upvotes, $0
  255. CSRF token validation is missing to Nextcloud - 2 upvotes, $0
  256. information disclose to Nextcloud - 2 upvotes, $0
  257. Content (Text) Injection at https://nextcloud.com to Nextcloud - 2 upvotes, $0
  258. Share tokens for public calendars disclosed (NC-SA-2017-011) to Nextcloud - 2 upvotes, $0
  259. Stored XSS in Gallery application (NC-SA-2017-010) to Nextcloud - 2 upvotes, $0
  260. ci.nextcloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service) to Nextcloud - 2 upvotes, $0
  261. Disclosed Version of PORTS SSH|HTTP|SSL to Nextcloud - 2 upvotes, $0
  262. Accessing to download.nextcloud.com from original ip adreess | insecure Download to Nextcloud - 2 upvotes, $0
  263. XSS On Nextcloud Integrated with zimbra drive to Nextcloud - 2 upvotes, $0
  264. Github repo's wiki publicly editable to Nextcloud - 2 upvotes, $0
  265. Nextcloud logs ldap passwords to Nextcloud - 2 upvotes, $0
  266. The password of a mail share is not hashed if the password is given when the share is created to Nextcloud - 2 upvotes, $0
  267. Improper integrity protection of server-side encryption keys to Nextcloud - 2 upvotes, $0
  268. Improper access control to messages of Social app to Nextcloud - 2 upvotes, $0
  269. Bruteforce attack is possible on newsletter.nextcloud.com to Nextcloud - 1 upvotes, $0
  270. No permission set on Activities [Android App] to Nextcloud - 1 upvotes, $0
  271. The application uses basic authentication. to Nextcloud - 1 upvotes, $0
  272. Content Injection - demo.nextcloud.com to Nextcloud - 1 upvotes, $0
  273. demo.nextcloud.com: Content spoofing due to default Apache Error Page to Nextcloud - 1 upvotes, $0
  274. Slow Http attack on nextcloud(DOS) to Nextcloud - 1 upvotes, $0
  275. xss on demo.nextcloud.com due to outdated version to Nextcloud - 1 upvotes, $0
  276. BruteForce in to Admin Account to Nextcloud - 1 upvotes, $0
  277. Login Hints on Admin Panel to Nextcloud - 1 upvotes, $0
  278. [Nextcloud 9.0.53] Content Spoofing in 'trustDomain' parameter to Nextcloud - 1 upvotes, $0
  279. failure to invalidate session on password change to Nextcloud - 1 upvotes, $0
  280. The email API to reset password is unlimited and can be used as a email bomb to Nextcloud - 1 upvotes, $0
  281. The email API to test email-server settings is unlimited and can be used as a email bomb to Nextcloud - 1 upvotes, $0
  282. Cross Site Scripting to Nextcloud - 1 upvotes, $0
  283. Possible SSRF in email server settings(SMTP mode) to Nextcloud - 1 upvotes, $0
  284. Directory Listing In Subdomain Of nextcloud.com to Nextcloud - 1 upvotes, $0
  285. Clickjacking on https://download.nextcloud.com/ to Nextcloud - 1 upvotes, $0
  286. Clickjacking on https://download.nextcloud.com to Nextcloud - 1 upvotes, $0
  287. Nextcloud Clickjacking Vulnerability to Nextcloud - 1 upvotes, $0
  288. Bruteforce in admin panel to Nextcloud - 1 upvotes, $0
  289. Password authentication at newsletter.nextcloud.com discloses username list to Nextcloud - 1 upvotes, $0
  290. Bypass configured 2FA provider with another provider that can be set up at login to Nextcloud - 1 upvotes, $0
  291. WebDAV Empty Property search leads to full CPU usage to Nextcloud - 1 upvotes, $0
  292. Denial of Service when entring an Array in email at seetings to Nextcloud - 1 upvotes, $0
  293. Improper confidentiality protection of server-side encryption keys to Nextcloud - 1 upvotes, $0
  294. Ubuntu 12.04 Privilege Escalation to Nextcloud - 0 upvotes, $0
  295. Information Exposure Through Directory Listing - https://apps.nextcloud.com/static/ to Nextcloud - 0 upvotes, $0
  296. WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (UNAUTHORIZED) to Nextcloud - 0 upvotes, $0
  297. Clickjacking on https://nextcloud.com/ to Nextcloud - 0 upvotes, $0
  298. Username Enumeration to Nextcloud - 0 upvotes, $0
  299. Broken link for wrong domain entry may be leveraged for Phishing, Misinformation, Serving Malware to Nextcloud - 0 upvotes, $0
  300. Bypass hide download Nextcloud Share to Nextcloud - 0 upvotes, $0

Back