Test ID:	1.3.6.1.4.1.25623.1.0.106703
Category:	Web application abuses
Title:	Nextcloud Multiple Vulnerabilities - Linux
Summary:	Nextcloud is prone to multiple vulnerabilities.
Description:	Summary: Nextcloud is prone to multiple vulnerabilities. Vulnerability Insight: Nextcloud is prone to multiple vulnerabilities: - SMB user Authentication bypass (CVE-2016-9463) - Content spoofing in the files app (CVE-2016-9467) - Content spoofing in the dav app (CVE-2016-9468) Affected Software/OS: Nextcloud Server prior to 9.0.54 and prior to 10.0.1 Solution: Update 9.0.54, 10.0.1 or later versions. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9463 https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274 https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087 https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791 https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732 https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3 https://hackerone.com/reports/148151 https://nextcloud.com/security/advisory/?id=nc-sa-2016-006 https://owncloud.org/security/advisory/?id=oc-sa-2016-017 https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/ Common Vulnerability Exposure (CVE) ID: CVE-2016-9467 https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960 https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013 https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1 https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14 https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071 https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4 https://hackerone.com/reports/154827 https://nextcloud.com/security/advisory/?id=nc-sa-2016-010 https://owncloud.org/security/advisory/?id=oc-sa-2016-020 Common Vulnerability Exposure (CVE) ID: CVE-2016-9468 https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35 https://hackerone.com/reports/149798 https://nextcloud.com/security/advisory/?id=nc-sa-2016-011 https://owncloud.org/security/advisory/?id=oc-sa-2016-021
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.