|
971
|
- |
|
-
|
-
|
Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the inter…
Update
|
CWE-284
Improper Access Control
|
CVE-2024-52514
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
972
|
- |
|
-
|
-
|
Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Tex…
Update
|
CWE-200
Information Exposure
|
CVE-2024-52513
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
973
|
- |
|
-
|
-
|
user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It …
Update
|
-
|
CVE-2024-52512
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
974
|
- |
|
-
|
-
|
Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no ac…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-52511
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
975
|
- |
|
-
|
-
|
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if…
Update
|
CWE-295
Improper Certificate Validation
|
CVE-2024-52510
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
976
|
- |
|
-
|
-
|
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This …
Update
|
CWE-284
Improper Access Control
|
CVE-2024-52509
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
977
|
- |
|
-
|
-
|
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support aut…
Update
|
CWE-200
Information Exposure
|
CVE-2024-52508
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
978
|
- |
|
-
|
-
|
Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limite…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-52507
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
979
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in M2000 Smart4Web before v.5.020241004 allows a remote attacker to execute arbitrary code via the error parameter in URL
Update
|
-
|
CVE-2024-50800
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
980
|
- |
|
-
|
-
|
GLPI is a free Asset and IT management software package. An technician can upload a SVG containing a malicious script. The script will then be executed when any user will try to see the document cont…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-47759
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
