4993 matches found
Nextcloud: Code injection in macOS Desktop Client
Vulnerability description I've identified a code injection vulnerability in your macOS desktop client. Any malicious application, running with standard user permissions is able to exploit this vulnerability and execute code in your application's context. Requirements In order to exploit this...
Nextcloud: Delete permission can be added on reshare
user0 creates folder /test user0 creates file /test/file.txt user0 shares folder /test with user1 with read+share permissions 17 user1 receives the folder /test and can read-download /test/file.txt but not delete - good user1 uses the sharing API to share folder /test with user2, and specifies...
Nextcloud: Some HTML Tags are Getting Executed in com.nextcloud.client
What is the Vulnerability? HTML Tags such as , , and are Getting Executed in Next Cloud Client Mobile Application for Android which can then Results to Code Injection. Reproduction Steps 1. Using Next Cloud Client Mobile App on Android, Rename a Folder to test Our HTML tag Was Executed F518303...
Nextcloud: Passcode Protection in Android Devices Can be Bypassed.
What is The Vulnerability? The Passcode can be bypassed by calling a MainLoginActivity which is com.owncloud.android.ui.activity.FileDisplayActivity , We have successfully bypassed the passcode and are redirected to the App's User Interface. of the user’s credentials: Android Version: 9 Non Roote...
Improper permission preservation on reshares (NC-SA-2020-012)
Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link...
Nextcloud: CSRF vulnerability that allows an attacker to modify encryption settings
The POST request to /ocs/v2.php/apps/provisioningapi/api/v1/config/apps/core/encryptionenabled is missing a unique token, so that if an attack can trick an admin user with an active session to visit an attacker controlled website, he/she can control the core application setting "encryptionenabled...
User IDs and Nextcloud server leaked to Nextcloud Lookup server with disabled settings (NC-SA-2019-016)
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...
Nextcloud: Wordpress Users Disclosure
Information Using REST API, we can see all the WordPress users/author with some of their information. Step to Reproduce You can get user info by entering below url in your browser: https://nextcloud.com/wp-json/wp/v2/users Reference: 356047 Impact Authors : LTR , LTREditor can be created scenario...
Nextcloud: Arbitrary code execution in desktop client via OpenSSL config
Summary: The nextcloud windows desktop application utilizes a precompiled OpenSSL library called libeay32.dll. This OpenSSL library attempts to load c:\usr\local\ssl\openssl.cnf when the nextcloud windows application is launched. The c:\usr\local\ssl\openssl.cnf file does not exist. By default, o...
Nextcloud: User with read-only access to a share can gain write access to sub-folders in the share
user0 creates folders /test and /test/sub user0 creates file /test/sub/file.txt user0 shares folder /test with user1 with read+share permissions 17 user1 receives the folder /test and can read-download /test/sub/file.txt - good user1 creates a link share of /test/sub - it has permissions 1...
Nextcloud: Reflected XSS / Markup Injection in `index.php/svg/core/logo/logo` parameter `color`
I just found a reflected Cross-Site Scripting XSS vulnerability in Nextcloud Server that affects current stable and dates back to at least 15.0.5. The vulnerability seems mitigated by a Content-Security-Policy CSP, but there might be a residual risk for phishing, due to the CSP's lack of a...
Extract add-on for Nextcloud OS Command Injection Vulnerability
Extract add-on for Nextcloud is a set of component applications for Netcloud. An input validation vulnerability exists in Extract add-on for Nextcloud lib/Controller/ExtractionController.php, which allows remote attackers to submit a special request that can be used to execute arbitrary OS comman...
Nextcloud Extract App OS Command Injection Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany.Extract App is one of the compressed file extractor. An operating system command injection vulnerability exists in Nextcloud Extract App versions prior to 1.2.0. The...
CVE-2019-12739
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php nameOfFile and directory parameters...
CVE-2019-12739
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php nameOfFile and directory parameters...
Remote code execution
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php nameOfFile and directory parameters...
CVE-2019-12739
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php nameOfFile and directory parameters...
CVE-2019-12739
The CVE-2019-12739 entry concerns the Nextcloud Extract add-on: lib/Controller/ExtractionController.php vulnerable before version 1.2.0. It allows Remote Code Execution via shell metacharacters in a RAR filename passed through ajax/extractRar.php (nameOfFile and directory parameters). Affected co...
Nextcloud: Non-admin users can trigger writes to memcached by entering a malicious server as a share URL
Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long...
Nextcloud: Linux client is vulnerable to directory traversal when downloading files
Summary The Nextcloud Linux client is vulnerable to directory traversal when downloading files from a Nextcloud server. A malicious Nextcloud administrator can exploit the vulnerability to write arbitrary files to a user computers with the potential for remote command execution under certain...