4969 matches found
CVE-2020-8140
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the environment...
CVE-2020-8140
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the environment...
CVE-2020-8140
CVE-2020-8140 affects Nextcloud Desktop Client for macOS (version 2.6.2). A code injection flaw arises when DYLD_INSERT_LIBRARIES is set in the environment, allowing loading of arbitrary code at startup and enabling code execution in the Nextcloud process. The vulnerability is demonstrated in mul...
CVE-2020-8140
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the environment...
CVE-2020-8139
CVE-2020-8139 affects Nextcloud Server versions older than 18.0.1, 17.0.4 and 16.0.9, where a missing access control check allows hide-download shares to be downloaded when the URL is appended with /download. Connected documents confirm this is a remote access control vulnerability with potential...
CVE-2020-8139
A missing access control check in Nextcloud Server 18.0.1, 17.0.4, and 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL...
CVE-2020-8138
CVE-2020-8138: Nextcloud Server is vulnerable to a Server-Side Request Forgery (SSRF) when subscribing to a malicious calendar URL due to a missing check for IPv4 nested inside IPv6. Affected versions are Nextcloud Server < 17.0.1, < 16.0.7, and
CVE-2020-8138
A missing check for IPv4 nested inside IPv6 in Nextcloud server 17.0.1, 16.0.7, and 15.0.14 allowed a Server-Side Request Forgery SSRF vulnerability when subscribing to a malicious calendar URL...
PT-2020-19976 Ā· Nextcloud Ā· Nextcloud Desktop Client
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client version 2.6.2 Description: A code injection issue allows loading arbitrary code when starting the client with DYLD INSERT LIBRARIES set in the environment. Recommendations: For Nextcloud Desktop Client version 2.6.2, ...
Missing ownership check on remote wipe endpoint (NC-SA-2020-018)
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint...
XSS in Files PDF viewer (NC-SA-2020-019)
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF...
Nextcloud -- multiple vulnerabilities
Nextcloud reports: XSS in Files PDF viewer NC-SA-2020-019 Missing ownership check on remote wipe endpoint NC-SA-2020-018...
Nextcloud: PHPUnit is included in groupfolders release package potentially causing RCE
The groupfolders tarball contains the phpunit code in the vendor directory https://github.com/nextcloud/groupfolders/releases/download/v6.0.2/groupfolders.tar.gz . As discussed on https://thephp.cc/news/2020/02/phpunit-a-security-risk this really is a potential security risk. The phpunit code...
Nextcloud: XSS in PDF Viewer
An outdated version of PDF.js in use allows for the CVE-2018-5158 vulnerability. When the payload PDF is shown in the supplied PDF viewer, it can execute arbitrary JavaScript. I have tested the payload PDF, and it is working in the Safari 13.0.5 the latest version and Firefox 74.0 the latest...
Nextcloud: Missing ownership check on remote wipe endpoint
On settings/user/security You can mark a device for wipe out that does not belong to you. Steps: 1. Create 2 accounts one for the hacker and one for the victim 2. On both accounts add devices with different names 3. On the hacker account, while intercepting with burpsuite, select the option to wi...
Nextcloud: Denial of Service by requesting to reset a password
Description: I believe that this is posible due to the brute force protection that makes all request last for 30 seconds which in this case is using all the PHP workers avalible in the pool, so the only way to defend yourself is setting up a limit or having a lot of resources. How to reproduce: I...
Nextcloud: xss on setup config page
Nextcloud version: 18.0.1 In setup config pageļ¼setting mysql Username with payloadalert1, and set others. F739076 then submit . F739077 this gif will show poc: F739069 Impact This is because the code does not filter dangerous characters. so dangerous characters need to be escaped...
openSUSE Security Update : webkit2gtk3 (openSUSE-2020-278)
This update for webkit2gtk3 to version 2.26.4 fixes the following issues : Security issues fixed : - CVE-2019-8835: Fixed multiple memory corruption issues bsc1161719. - CVE-2019-8844: Fixed multiple memory corruption issues bsc1161719. - CVE-2019-8846: Fixed a use-after-free issue bsc1161719. -...
Security update for webkit2gtk3 (important)
openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2020:0278-1 Rating: important References: 1159329 1161719 1163809 Cross-References: CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 Affected...
Nextcloud: Unrestricted file upload on the image of contacts
When uploading an image for a contact, on the file upload pop up window it shows that it can accept all files of any data type. For my testing I uploaded a sample executable, named 'SimpleCrackMe.exe' which doesn't do really do anything without passing parameters to it on a terminal when running...