|
264601
|
6.1 |
MEDIUM
Network
|
owncloud nextcloud
|
owncloud nextcloud_server
|
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the N…
|
CWE-79
Cross-site Scripting
|
CVE-2016-9466
|
2024-11-21 12:01 |
2017-03-28 |
|
264602
|
5.4 |
MEDIUM
Network
|
owncloud nextcloud
|
owncloud nextcloud_server
|
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud all…
|
CWE-79
Cross-site Scripting
|
CVE-2016-9465
|
2024-11-21 12:01 |
2017-03-28 |
|
264603
|
4.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users a…
|
CWE-285
Improper Authorization
|
CVE-2016-9464
|
2024-11-21 12:01 |
2017-03-28 |
|
264604
|
8.1 |
HIGH
Network
|
owncloud nextcloud
|
owncloud nextcloud_server
|
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enable…
|
CWE-287
Improper Authentication
|
CVE-2016-9463
|
2024-11-21 12:01 |
2017-03-28 |
|
264605
|
4.3 |
MEDIUM
Network
|
owncloud nextcloud
|
owncloud nextcloud_server
|
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying wheth…
|
CWE-284
Improper Access Control
|
CVE-2016-9462
|
2024-11-21 12:01 |
2017-03-28 |
|
264606
|
4.3 |
MEDIUM
Network
|
owncloud nextcloud
|
owncloud nextcloud_server
|
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on…
|
CWE-284
Improper Access Control
|
CVE-2016-9461
|
2024-11-21 12:01 |
2017-03-28 |
|
264607
|
5.3 |
MEDIUM
Network
|
nextcloud owncloud
|
nextcloud owncloud
|
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. …
|
CWE-284
Improper Access Control
|
CVE-2016-9460
|
2024-11-21 12:01 |
2017-03-28 |
|
264608
|
6.1 |
MEDIUM
Network
|
owncloud nextcloud
|
owncloud nextcloud_server
|
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is…
|
CWE-79
Cross-site Scripting
|
CVE-2016-9459
|
2024-11-21 12:01 |
2017-03-28 |
|
264609
|
5.4 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed…
|
CWE-79
Cross-site Scripting
|
CVE-2016-9457
|
2024-11-21 12:01 |
2017-03-28 |
|
264610
|
8.8 |
HIGH
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other pote…
|
CWE-352
Origin Validation Error
|
CVE-2016-9456
|
2024-11-21 12:01 |
2017-03-28 |