CVE-2019-15620
https://notcve.org/view.php?id=CVE-2019-15620
Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature. Un control de acceso inapropiado en Nextcloud Talk versión 6.0.3, filtra la existencia y el nombre de las conversaciones privadas cuando son vinculadas a otro elemento compartido por medio de la funcionalidad projects. • https://hackerone.com/reports/662218 https://nextcloud.com/security/advisory/?id=NC-SA-2020-011 • CWE-287: Improper Authentication •
CVE-2018-3781
https://notcve.org/view.php?id=CVE-2018-3781
A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. La falta de saneamiento de los resultados de búsqueda para un campo de autocompletado en NextCloud Talk en versiones anteriores a la 3.2.5 podría provocar un Cross-Site Scripting (XSS) persistente que requiera la interacción del usuario. La falta de saneamiento solo afectaba a los nombres de usuario, por lo que los resultados de búsqueda maliciosos solo pueden ser manipulados por los usuarios autenticados. • https://hackerone.com/reports/383117 https://nextcloud.com/security/advisory/?id=NC-SA-2018-009 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4153
https://notcve.org/view.php?id=CVE-2008-4153
The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform access checks for a node before displaying comments, which allows remote attackers to obtain sensitive information. El módulo Talk 5.x y versiones anteriores a 5.x-1.3 y 6.x y versiones anteriores a 6.x-1.5, para Drupal, no realiza comprobación de acceso para un nodo antes de mostrar comentarios, lo que permite a los atacantes remotos obtener información delicada. • http://drupal.org/node/309758 http://secunia.com/advisories/31908 http://www.securityfocus.com/bid/31236 http://www.vupen.com/english/advisories/2008/2615 https://exchange.xforce.ibmcloud.com/vulnerabilities/45223 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4152
https://notcve.org/view.php?id=CVE-2008-4152
Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Talk 5.x y versiones anteriores a 5.x-1.3 y 6.x versiones anteriores a 6.x-1.5, para Drupal, permite a los usuarios autenticados remotamente insertar arbitrariamente una secuencia de comandos web o HTML a través del nodo título. • http://drupal.org/node/309758 http://secunia.com/advisories/31908 http://www.securityfocus.com/bid/31236 http://www.vupen.com/english/advisories/2008/2615 https://exchange.xforce.ibmcloud.com/vulnerabilities/45222 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2005-3678
https://notcve.org/view.php?id=CVE-2005-3678
Google Talk before 1.0.0.76, with email notification enabled, allows remote attackers to cause a denial of service (connection reset) via email with a blank sender. • http://marc.info/?l=bugtraq&m=113156797404902&w=2 http://marc.info/?l=bugtraq&m=113200923423283&w=2 http://www.securityfocus.com/bid/15369 https://exchange.xforce.ibmcloud.com/vulnerabilities/23041 • CWE-20: Improper Input Validation •