Nextcloud: [Nextcloud 9.0.53] Content Spoofing in 'trustDomain' parameter
@ahsantahir reported a low severity content spoofing vulnerability in an administrative component. We've mitigated the issue as a hardening in our upcoming Nextcloud 11 release and would like to thank @ahsantahir for reporting this issue to us. On request of the reporter this issue is only...
Nextcloud: Content spoofing in cloud.nextcloud.com
@ahsantahir reported a content spoofing vulnerability in cloud.nextcloud.com caused by its Apache configuration. This has been changed by adding the following to the Apache config: ErrorDocument 404 "File not ErrorDocument 403 "Access forbidden." On request of the reporter, this issue is only...
Nextcloud: Information disclosure
Hello Nextcloud, go to https://help.nextcloud.com/users/.json, for example https://help.nextcloud.com/users/amirie.json; you can see the user information...
Edit permission check not enforced on WebDAV COPY action - ownCloud
The WebDAV endpoint was not properly checking the permission on a WebDAV "COPY" action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files. Affected Software ownCloud Server 9.0.4 CVE-2016-????...
Read-only share recipient can restore old versions of file (NC-SA-2016-005)
The restore capability of Nextcloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions...
Nextcloud: Content (Text) Injection at NextCloud Server 9.0.52 - via http://custom_nextcloud_url/remote.php/dav/files/
Dear Nextcloud Security Team, I would like to report an issue. This is not a critical issue since the effect does not even "touch" anything sensitive stored on the server via the application. In summary, this issue needs user interaction to exploit the "target". So, based on thi...
Nextcloud: [Thirdparty] Stored XSS in chat module - nextcloud server 9.0.51 installed in ubuntu 14.0.4 LTS
I found a stored XSS vulnerability in Nextcloud server's chat module. Nextcloud Server version - 9.0.51, OS - Ubuntu 14.0.4, Browser - Internet Explorer 11. Steps: 1. Login as non-admin user (attacker) and change full name containing XSS payload - elamaran'"alertdocument.domain 2. Login as...
ownCloud/Nextcloud Unprotected Data Directory (HTTP)
ownCloud/Nextcloud is exposing an unprotected data directory. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Nextcloud: No Rate Limiting on stats.nextcloud.com login
There are no defenses or any lockout mechanism on the stats.nextcloud.com login; a malicious-minded user can keep guessing an account password without limit, and this might lead to the site being completely compromised. Recommendation: put a rate limit or any lockout mechanism in place. Regards, Japz...
Nextcloud: Deny access to download.nextcloud.com + folders
Hi, you should deny access here: https://download.nextcloud.com/ + all folders, because everyone can see your files on the server. This is not a bug, but it's important to keep your files secret. To resolve this issue, in an .htaccess file you need to use: Deny from all. Regards, armfox97...
Nextcloud: Log pollution can lead to HTML Injection.
Hi Team, I was looking around in your app, and on the log part accessed by the admin I noticed that the log file is downloaded as an HTML file. Naturally I started trying to inject code. I noticed that when HTML code is inserted, an HTML comment start tag is inserted. But I was able to bypass this...
Nextcloud: REG: Content provider information leakage
Issue: While analyzing your code of manifest.xml I found an issue related to content provider information leakage. Issue description: Your content provider settings in AndroidManifest.xml allow any other app on the device to access it. You should modify the attribute to exported="false" or...
Nextcloud: Authentication Issue
1. UserA creates a password protected share 2. UserA shares this link with UserB 3. UserB accesses the share with the password 4. UserA changes the password 5. Now UserB can still access the share. At step 5 UserB should be prompted to authenticate again...
Nextcloud: Email ID Disclosure.
Hey there. When a user shares a link with the "email to a person" option, the screenshot reveals the user's email address. Steps to repro: 1. Type any username there that exists (screenshot). 2. You will see the email disclosed. Thanks :...
Nextcloud: WordPress Vulnerabilities: User Enumeration, Vulnerable Akismet Plugin, XML-RPC Interface available
1. User Enumeration: It is possible to enumerate four WordPress usernames: jancborchardt, jos, lukasreschke, frank. An attacker can use these usernames to carry out a brute-force attack in order to forcefully authenticate. 2. Akismet Plugin 2.5.0-3.1.4 vulnerable to unauthenticated Stored Cross Site...
Nextcloud: Read-only share recipient can restore old versions of file
The restore capability of Nextcloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions. A detailed advisory can be found at https://nextcloud.com/security/advisory/?id=nc-sa-2016-005. ------ Thanks a lot,...
Nextcloud: Uploading files to a folder where an invited user doesn't have any EDIT privilege
Hi, any user invited to a shared folder with no edit privilege can create files in it through the copy feature of the Nextcloud Android app. Steps to reproduce it: + Create any folder and invite a user to it without any edit privilege. + Now log in from the invited user account through the Android app. + Copy any...
Nextcloud: Password reset link remains valid after email change
Hey! I found a token misconfiguration flaw in Nextcloud 9.0.50 (latest version). When we reset the password for a user, a link is sent to the registered email address, but in case it remains unused and the email is updated by the user from the control panel, even then that old token reset link sent to the old email addres...
Nextcloud: Content Injection in subdomain
Hi there, PoC URL: https://updates.nextcloud.org/.htacess%20Content%20Injection%20test If you need more information, let me know. Thanks!...
Nextcloud: Content injection in subdomain
Hi there, PoC URL: https://download.nextcloud.com/.htacess%20Content%20Injection%20test If you need more information, let me know. Thanks!...