CVE-2016-9467: CVE-2016-9467

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2016-9467

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

关键信息的UI错误表达

Source: NVD (National Vulnerability Database)

Vulnerability Title

Nextcloud Server和ownCloud Server 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ownCloud是德国ownCloud公司的一套免费且开源的个人云存储解决方案。Nextcloud是一套开源的自托管文件同步和共享的通信应用平台。ownCloud Server和Nextcloud Server都是其中的一个服务器版。 Nextcloud Server和ownCloud Server中的files应用程序存在安全漏洞，该漏洞源于程序没有验证传递的参数。攻击者可借助无效的链接利用该漏洞向用户显示特制的错误信息。以下产品和版本受到影响：Nextcloud Server 9.0.54之前的版本，

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2	Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2	-

II. Public POCs for CVE-2016-9467

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2016-9467

Please Login to view more intelligence information

https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960x_refsource_MISC
https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175ax_refsource_MISC
https://owncloud.org/security/advisory/?id=oc-sa-2016-020x_refsource_MISC
https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071x_refsource_MISC
https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013x_refsource_MISC
https://nextcloud.com/security/advisory/?id=nc-sa-2016-010x_refsource_MISC
https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1x_refsource_MISC
https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2dx_refsource_MISC
https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4x_refsource_MISC
https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14x_refsource_MISC
https://hackerone.com/reports/154827x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2016-9467

IV. Related Vulnerabilities

Same product: Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2

CVE-2016-9468
Nextcloud Server和ownCloud Server 安全漏洞

Same vendor: n/a

Same weakness: CWE-451

V. Comments for CVE-2016-9467

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2016-9467

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2016-9467

III. Intelligence Information for CVE-2016-9467

IV. Related Vulnerabilities

V. Comments for CVE-2016-9467

Leave a comment