TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2016-9467

N/A

Beschreibung

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.

CVE Details

CVSS v3.1 BewertungN/A
Veroffentlicht3/28/2017
Zuletzt geandert4/20/2025
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

nextcloud:nextcloud_serverowncloud:owncloud

Schwachen (CWE)

CWE-451CWE-284

Referenzen

https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960(support@hackerone.com)
https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013(support@hackerone.com)
https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1(support@hackerone.com)
https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14(support@hackerone.com)
https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071(support@hackerone.com)
https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a(support@hackerone.com)
https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d(support@hackerone.com)
https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4(support@hackerone.com)
https://hackerone.com/reports/154827(support@hackerone.com)
https://nextcloud.com/security/advisory/?id=nc-sa-2016-010(support@hackerone.com)
https://owncloud.org/security/advisory/?id=oc-sa-2016-020(support@hackerone.com)
https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/154827(af854a3a-2127-422b-91ae-364da2661108)
https://nextcloud.com/security/advisory/?id=nc-sa-2016-010(af854a3a-2127-422b-91ae-364da2661108)
https://owncloud.org/security/advisory/?id=oc-sa-2016-020(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.