Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE CATEGORY:ICS Operations (& Maintenance): Human factors in ICS environments
Category ID:1379
Vulnerability Mapping:Prohibited
Status:Incomplete
DetailsContent HistoryObserved CVE ExamplesReports
154Vulnerabilities found
CVE-2016-9460
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 58.64%
||
7 Day CHG~0.00%
Published-28 Mar, 2017 | 02:46
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.

Action-Not Available
Vendor-n/aNextcloud GmbHownCloud GmbH
Product-owncloudnextcloudNextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2016-9468
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 51.23%
||
7 Day CHG-0.02%
Published-28 Mar, 2017 | 02:46
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.

Action-Not Available
Vendor-n/aNextcloud GmbHownCloud GmbH
Product-owncloudnextcloud_serverNextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2016-9473
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-4.7||MEDIUM
EPSS-1.21% / 78.70%
||
7 Day CHG~0.00%
Published-28 Mar, 2017 | 02:46
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.

Action-Not Available
Vendor-braven/a
Product-browserBrave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-9467
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-1.04% / 77.14%
||
7 Day CHG~0.00%
Published-28 Mar, 2017 | 02:46
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.

Action-Not Available
Vendor-n/aNextcloud GmbHownCloud GmbH
Product-owncloudnextcloud_serverNextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next