TROYANOSYVIRUS
Volver a CVEs

CVE-2016-9467

N/A

Descripcion

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.

Detalles CVE

Puntuacion CVSS v3.1N/A
Publicado3/28/2017
Ultima modificacion4/20/2025
Fuentenvd
Avistamientos honeypot0

Productos afectados

nextcloud:nextcloud_serverowncloud:owncloud

Debilidades (CWE)

CWE-451CWE-284

Referencias

https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960(support@hackerone.com)
https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013(support@hackerone.com)
https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1(support@hackerone.com)
https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14(support@hackerone.com)
https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071(support@hackerone.com)
https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a(support@hackerone.com)
https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d(support@hackerone.com)
https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4(support@hackerone.com)
https://hackerone.com/reports/154827(support@hackerone.com)
https://nextcloud.com/security/advisory/?id=nc-sa-2016-010(support@hackerone.com)
https://owncloud.org/security/advisory/?id=oc-sa-2016-020(support@hackerone.com)
https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/154827(af854a3a-2127-422b-91ae-364da2661108)
https://nextcloud.com/security/advisory/?id=nc-sa-2016-010(af854a3a-2127-422b-91ae-364da2661108)
https://owncloud.org/security/advisory/?id=oc-sa-2016-020(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.