Nextcloud: REG: Content provider information leakage
Issue: While analyzing your code in manifest.xml I found an issue related to content provider information leakage. Issue description: Your content provider settings will allow any other app on the device to access it (AndroidManifest.xml). You should modify the attribute to exported="false" or...
Nextcloud: Authentication Issue
1. UserA creates a password-protected share. 2. UserA shares this link with UserB. 3. UserB accesses the share with the password. 4. UserA changes the password. 5. Now UserB can still access the share. At step 5 UserB should be prompted to authenticate again...
Nextcloud: Email ID Disclosure.
Hey there, when a user shares a link with the "email to a person" option, the screenshot reveals the user's email address. Steps to repro: 1. Type any username there that exists (screenshot). 2. You will see the email disclosed. Thanks :...
Nextcloud: WordPress Vulnerabilities: User Enumeration, Vulnerable Akismet Plugin, XML-RPC Interface available
1. User Enumeration: It is possible to enumerate four WordPress usernames: jancborchardt, jos, lukasreschke, frank. An attacker can use these usernames to carry out a brute-force attack in order to forcefully authenticate. 2. Akismet Plugin 2.5.0-3.1.4 vulnerable to unauthenticated Stored Cross Site...
Nextcloud: Read-only share recipient can restore old versions of file
The restore capability of Nextcloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions. A detailed advisory can be found at https://nextcloud.com/security/advisory/?id=nc-sa-2016-005. ------ Thanks a lot,...
Nextcloud: Uploading files to a folder where invited users don't have any EDIT privilege
Hi, any user invited to a shared folder with no edit privilege can create files in it through the copy feature of the Nextcloud Android app. Steps to reproduce it: + Create any folder and invite a user to it without any edit privilege. + Now log in from the invited user's account through the Android app. + Copy any...
Nextcloud: Password reset link remains valid after email change
Hey! I found a token misconfiguration flaw in Nextcloud 9.0.50 (latest version). When we reset the password for a user, a link is sent to the registered email address, but in case it remains unused and the email is updated by the user from the control panel, then too that old token reset link sent to the old email addres...
Nextcloud: Content Injection in subdomain
Hi there, PoC URL: https://updates.nextcloud.org/.htacess%20Content%20Injection%20test If you need more information, let me know. Thanks!...
Nextcloud: Content injection in subdomain
Hi there, PoC URL: https://download.nextcloud.com/.htacess%20Content%20Injection%20test If you need more information, let me know. Thanks!...
Nextcloud: Content Spoofing/Text Injection - docs.nextcloud.org
Issue: Hey, I've found content spoofing, also known as "Text Injection", in your sub-domain docs.nextcloud.org. URL: Here is the malicious URL: https://docs.nextcloud.org/.htacessCONTENT%20SPOOFING%20BY%20AHSAN Fix: Use a custom 403 error page which doesn't contain the user's text! I hope...
Nextcloud: Content Injection 404 page
Hi there, similar to reports 145344 and 145532, it's possible to spoof the 404 page using http. PoC URL: http://nextcloud.com/has%2f%20been%20changed%20to%20https://www.ATTACKER.COM.%20so%20please%20visit%20https://www.ATTACKER.COM%20as%20your%20requested%20link Note: If this redirects you to https...
Nextcloud: Business/Functional logic bypass: Remove admins from admin group.
In Nextcloud the default admin cannot be removed from his admin group. The group toggle request looks like this: POST /nextcloud/index.php/settings/ajax/togglegroups.php HTTP/1.1 Host: 139.59.9.184 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.11; rv:47.0 Gecko/20100101 Firefox/47.0 Accep...
Nextcloud: help.nextcloud Email Address/Username enumeration
Hello Nextcloud, I have another finding. I found that email address enumeration and/or username enumeration is possible in signup/registration and forgot password under https://help.nextcloud.com/. Email/username enumeration can be used with any malicious intent by a malicious-minded user. - For...
Nextcloud: newsletter.nextcloud.com: Bypass firewall protection
Hi Security team, I would like to report a firewall bypass vulnerability. When you try to navigate to this link it needs authentication, but it's possible to access the admin panel when you add index.php after /admin/. https://newsletter.nextcloud.com/admin/index.php PoC: video in attachment...
Nextcloud: Bruteforcing help.nextcloud.com
Hi, I've found that the user is allowed to perform brute force on the help.nextcloud.com login. I tried to input a wrong password 25 times, then input my correct password on my 26th attempt, and it successfully logged in. A malicious-minded user can always continue guessing an account password. Steps ...
Nextcloud: Bruteforce attack is possible on newsletter.nextcloud.com
Since HTTP Basic authentication is used on https://newsletter.nextcloud.com, this type of authentication is vulnerable to a brute-force attack. Refer to the attachment below: F100241. Refer to the attachment below: F100240. Attacking via the Metasploit auxiliary scanner httplogin: refer to the attachment below: F10023...
Nextcloud: No captcha on newsletter.nextcloud.com leaves it vulnerable to email spammers
The lack of a captcha (verificationcodeX is empty in your phplist configuration) allows attackers to use this mail to send as much spam as they like to victims. I did not reach an email sending limit when I tested this. PoC images below: Burp Suite automated requests:...
Nextcloud: Avatar image upload and bypass real image verification
Hi, we can bypass the avatar upload image verification and extension check by uploading a PHP file (or any other extension) bound to a valid JPEG image. There is no risk for the moment because the avatar is renamed to avatarupload on the remote server, but it'll be nice to secure this part of the code. Example...
Nextcloud: https://newsletter.nextcloud.com Directory listing and Information Disclosure
Hi, this is the domain that we are going to work on, as you know: https://newsletter.nextcloud.com/ Firstly I want to tell you that when you try to navigate to https://newsletter.nextcloud.com/admin it needs authentication. But when you are doing this via IP...
Nextcloud: Lost Password CSRF
Hi, I think it is something about your WordPress version. It's not something highly risky, but it is a vulnerability. CODE: Username or Email. For testing CSRF I added the .html file to the attachments. And there is a screenshot for you. How to fix: Adding rpkey will be fine. Please take a look at the links bel...