Nextcloud 17 - Cross-Site Request Forgery
Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Date: 08.11.2019 Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 CVE: N/A Nextcloud offers the industry-leading, on-premises content collaboratio...
Nextcloud: Bypass configured 2FA provider with another provider that can be set up at login
In Nextcloud 17 it is possible to set up 2FA providers at login. A missing check allows the following steps:
1. Enforce 2FA for all users.
2. As a user, configure a 2FA provider via settings or at login.
3. Log out.
4. Log in again with the password only.
5. When prompted with the earlier set-up provider, ...
Duplicate setup of second factor allowed (NC-SA-2020-006)
A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login...
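The logic flaw described in the two entries above (a user who already has a second factor configured is still offered to enrol a new provider at login, and enrolling it satisfies the 2FA step), modelled as a small login-flow simulation. This is an added example, not Nextcloud code; the provider names, the `User` model and the `fixed` switch are assumptions made for the demo.

```python
"""Constructed model of a 2FA login flow: provider setup offered at login, vulnerable vs. fixed."""
from dataclasses import dataclass, field

# Hypothetical provider set; names are illustrative only.
ALL_PROVIDERS = frozenset({"totp", "webauthn", "backup_codes"})


@dataclass
class User:
    uid: str
    enabled_providers: set = field(default_factory=set)


def setup_offered_at_login(user: User, fixed: bool) -> set:
    """Providers the login page lets the user *set up* (not verify) before the session is upgraded.

    fixed=False reproduces the missing check: every provider the user has not enabled yet
    can be enrolled right now, even though a second factor is already configured.
    fixed=True adds the check: a user who already has a provider must complete it instead.
    """
    if fixed and user.enabled_providers:
        return set()
    return set(ALL_PROVIDERS - user.enabled_providers)


def attempt_setup_then_login(user: User, password_ok: bool, provider: str, fixed: bool) -> bool:
    """Return True if the session ends up fully authenticated after enrolling `provider` at login.

    Models an attacker who knows the password but not the victim's configured second factor
    and therefore chooses "set up a new provider" instead of answering the existing challenge.
    """
    if not password_ok:
        return False
    if provider not in setup_offered_at_login(user, fixed):
        return False
    # Enrolment verifies the new provider immediately, which the flow then counts as the second factor.
    user.enabled_providers.add(provider)
    return True


if __name__ == "__main__":
    for fixed in (False, True):
        victim = User("victim", {"totp"})          # 2FA enforced, TOTP already configured
        result = attempt_setup_then_login(victim, password_ok=True, provider="webauthn", fixed=fixed)
        print(f"fixed={fixed}: attacker with password only logged in -> {result}")
```

The check that matters is the one in `setup_offered_at_login`: setup at login exists so that a user under enforced 2FA who has nothing configured can bootstrap a provider; once any provider is enabled, the login page must only challenge, never enrol.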
Nextcloud: Docker image with FPM is vulnerable to CVE-2019-11043
The CVE-2019-11043 vulnerability can be exploited in the latest nextcloud:fpm image. This is due to the specific nginx configuration recommended for nextcloud: https://github.com/nextcloud/dockerbase-version---fpm...
File-drop content is visible through the gallery app (NC-SA-2019-012)
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app...
Nextcloud: File-drop content is visible through the gallery app
I set up a file-drop on NC 17 btw, according to https://nextcloud.com/security/ NC17 is not covered - but it should be once it's released!: created folder, set share as upload-only. I access that folder as https://cloud.domain.com/s/randompath - fine: I get the upload interface and cannot see...
Video_Converter app denial of service vulnerability
Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. The VideoConverter app is a video file format converter. A denial of service vulnerability exists in VideoConverter app version 0.1.0 for Nextcloud, which...
CVE-2019-18214
The VideoConverter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions, because many FFmpeg processes may be running at once. The workload is not queued for serial execution...
Design/Logic Flaw
The VideoConverter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions, because many FFmpeg processes may be running at once. The workload is not queued for serial execution...
CVE-2019-18214
The CVE-2019-18214 entry concerns the Video_Converter app 0.1.0 for Nextcloud. The underlying issue is a denial-of-service condition caused by running many FFmpeg processes concurrently; the workload is not serialized, allowing CPU and memory usage to spike. Affected component is the Video_Conver...
Nextcloud: Only the file extensions are checked, not the MIME types as configured
The tool is not working as hoped. File access control speaks of MIME types that are blocked or not blocked. In fact, only the file extensions are checked. If a user renames an unauthorized file to an allowed extension, they can upload and download it. The MIME type of the actual file content is insignificant,...
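The gap described above, shown side by side: a rule that blocks executables is evaluated once from the filename (what the report says happens) and once from the file's leading bytes (what a MIME-type rule has to do). This is an added example, not Nextcloud code; the signature table, the extension mapping, the blocklist and the sample uploads are constructed for the demo.

```python
"""Constructed demo: MIME-based access control enforced by extension versus by content."""

# Constructed magic-byte table; production code should use libmagic (e.g. python-magic).
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"%PDF-", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),
    (b"\x7fELF", "application/x-executable"),
    (b"MZ", "application/x-dosexec"),
]

# What the filename *claims* the content is (hypothetical mapping for the demo).
EXT_TO_MIME = {
    ".png": "image/png",
    ".pdf": "application/pdf",
    ".zip": "application/zip",
    ".exe": "application/x-dosexec",
    ".txt": "text/plain",
}

# Types the (hypothetical) access-control rule is meant to block.
BLOCKED = {"application/x-dosexec", "application/x-executable"}

# Constructed sample uploads: a PE executable renamed to .txt, a genuine PNG, a genuine text file.
RENAMED_EXE = ("quarterly_report.txt", b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00" + b"\x00" * 48)
REAL_PNG = ("logo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR" + b"\x00" * 16)
REAL_TEXT = ("notes.txt", b"meeting notes\nline two\n")


def mime_from_extension(filename: str) -> str:
    """Extension-only classification: trusts whatever the uploader named the file."""
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    return EXT_TO_MIME.get(ext, "application/octet-stream")


def mime_from_content(data: bytes) -> str:
    """Content-based classification: looks at the leading bytes, never at the name."""
    for signature, mime in MAGIC:
        if data.startswith(signature):
            return mime
    # Printable ASCII plus whitespace is treated as plain text; anything else is opaque binary.
    if data and all(32 <= b < 127 or b in b"\t\r\n" for b in data):
        return "text/plain"
    return "application/octet-stream"


def allowed_by_extension(filename: str, blocked=BLOCKED) -> bool:
    """The weak check the report describes: renaming the file is enough to pass."""
    return mime_from_extension(filename) not in blocked


def allowed_by_content(filename: str, data: bytes, blocked=BLOCKED) -> bool:
    """The stronger check: block on the sniffed type and reject a name/content mismatch.

    The mismatch rule only fires when both the extension and the content were positively
    identified, so formats absent from both tables are still governed by the blocklist alone.
    """
    sniffed = mime_from_content(data)
    if sniffed in blocked:
        return False
    claimed = mime_from_extension(filename)
    unknown = "application/octet-stream"
    if sniffed != unknown and claimed != unknown and claimed != sniffed:
        return False
    return True


def evaluate(filename: str, data: bytes) -> dict:
    """Both verdicts for one upload, for comparison."""
    return {
        "claimed": mime_from_extension(filename),
        "sniffed": mime_from_content(data),
        "extension_check": allowed_by_extension(filename),
        "content_check": allowed_by_content(filename, data),
    }


if __name__ == "__main__":
    for name, data in (RENAMED_EXE, REAL_PNG, REAL_TEXT):
        print(name, evaluate(name, data))
```

Magic bytes close the rename hole but not every hole: a zip-based container (an Office document, a JAR) sniffs as `application/zip`, so a rule about what is inside such containers needs the archive opened, not just its header read.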
Nextcloud: Exposing debug.log file leads to server full path disclosure
At the following address I have found that the debug.log file discloses the application's full path on the server. https://nextcloud.com/wp-content/debug.log Impact: The server should not expose this log file, as it could help an attacker understand the environment, which may lead to further attacks...
Nextcloud: WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (UNAUTHORIZED)
Because building the request in Burp Suite is complicated, I only use curl.
1. Create the files index.html and index.php. index.html: Hello world. index.php:
2. Once created, put them into a .zip (compress).
3. Let's upload. curl: curl site.com/index.php/wp-json/articulate/v1/upload-data -F "name=NAMAFILE" -F...
Nextcloud: Directory listing is enabled that exposes non public data through multiple path
Directory listing is enabled on https://try.nextcloud.com and it shows a few files on the server as well as the server version. POC: https://try.nextcloud.com/assets/ https://try.nextcloud.com/css/ https://try.nextcloud.com/js/ Impact: This could leak sensitive information on the server, and it also...
Missing default timeout on HTTP requests (NC-SA-2020-005)
Dangling remote share attempts in Nextcloud 16 allow DNS pollution when running long...
Nextcloud: Clear text storage of proxy parameters and passwords
Proxy settings of the Nextcloud desktop client were not stored in a safe way; instead they were just base64-encoded and stored in the nextcloud.cfg file...
Nextcloud: XSS in desktop client via invalid server address on login form
Team! I have found this vulnerability, which in my time would have been called "cross zone", but at the moment I don't know. The problem is found in the latest version of "nextcloud.exe" for Windows. The problem occurs on the initial screen where you are asked to connect to a website. Apparently...