Stored XSS in CardDAV image export (NC-SA-2016-008)
The CardDAV image export functionality as implemented in Nextcloud allows the download of images stored within a vCard. Because no verification of any kind is performed on the image content, this is prone to a stored Cross-Site Scripting attack. Note: Nextcloud employs a very strict Content Security...
Reflected XSS in Gallery application (NC-SA-2016-009)
The gallery app was not properly sanitizing exception messages from the Nextcloud server. Because an endpoint existed where an attacker could influence the error message, this led to a reflected Cross-Site Scripting vulnerability...
Nextcloud: Filename enumeration && DoS
@secator reported some enumeration and DoS related issues in Nextcloud Server to us. On request of the reporter the issue has only been disclosed limitedly...
Nextcloud: Bad content-type in response header when getting document can lead to html injection
Bug: When requesting a document by genesisid or filename, the content-type field in the response header is 'text/html', and the document content can be anything. So if we upload an .odt file containing HTML and share it with other users, it can lead to HTML injection when others request that file. PoC - img1...
Nextcloud: Bypassing quota limit
Hi, a user can upload files despite having a limited quota by changing the value of "OC-Total-Length" in the header to "A", or by adding "X-Expected-Entity-Length" to the header with the value "A". In the normal insufficient-storage case we have: PUT /remote.php/webdav/a.jpg HTTP/1.1 Content-Type: application/octet-stream...
Nextcloud 'share.js' Gallery Application XSS Vulnerability - Windows
Nextcloud is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud 'share.js' Gallery Application XSS Vulnerability - Linux
Nextcloud is prone to a cross-site scripting (XSS) vulnerability. CPE =...
Nextcloud Detection (HTTP)
HTTP based detection of Nextcloud. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.809413");...
Nextcloud: Content spoofing in lookup.nextcloud.com
Scenario: An attacker can include any arbitrary text using a specially crafted Nextcloud URL. This is done using the characters /%0d%0a. Steps: 1. The attacker distributes the URL below by means of spamming or through his website...
OwnCloud Server and Nextcloud Server Cross-Site Scripting Vulnerabilities
OwnCloud is a free and open source personal cloud storage solution from OwnCloud Germany. Nextcloud is an open source self-hosted file synchronization, sharing and communication application platform. OwnCloud Server and Nextcloud Server are the server editions of these two products respectively. A cross-site scriptin...
CVE-2016-7419
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name...
CVE-2016-7419
Affected software and scope: CVE-2016-7419 is an XSS vulnerability in the share.js file of the gallery application used by ownCloud Server < 9.0.4 and Nextcloud Server
Nextcloud: Bypass permissions
@secator reported some permission-related issues in Nextcloud Server to us. On request of the reporter the issue has only been disclosed limitedly...
Nextcloud: Unauthenticated Stored xss
Ohai NextCloud-Sec Team! I know this might be out of scope, but I thought I should tell you. No lies, I thought I'd get more reputation points out of the words. Here is what I'm pointing at: Details: ======== ! Title: Akismet 2.5.0-3.1.4 - Unauthenticated Stored Cross-Site Scripting (XSS) Reference:...
Nextcloud: Android - Possible to intercept broadcasts about uploaded files
Hi. There are places where unprotected broadcasts are sent: https://github.com/nextcloud/android/blob/master/src/com/owncloud/android/files/services/FileUploader.java#L1170 https://github.com/nextcloud/android/blob/master/src/com/owncloud/android/files/services/FileUploader.java#L1116...
Nextcloud: Privilege escalation - Normal user can somehow make admin to delete shared folders
@etd reported an issue to us which had already been reported to us by an independent party via our public bug tracker. Thus we were not able to qualify this for a monetary reward. However, we'd like to thank @etd for their report! – On request of the reporter, this issue is only disclosed limitedly...
Nextcloud: Reflected XSS in Gallery App
Go to: nextcloud/index.php/apps/gallery/%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3Ejavascript:alert%280%29//%00 Tested on: Firefox 43.0.1. If you need more information, then write me...