Lucene search
K

4993 matches found

Hacker One
Hacker One
added 2019/05/23 12:44 p.m.30 views

Nextcloud: Memory Leak in OCUtil.dll library in Desktop client can lead to DoS

The function IsChildFileconst wchart rootFolder, const wchart file in FileUtil.cpp allocates memory on line 42 and fails to free it. The following PoC code can provide evidence. The code and the PoC executable is attached to this report. Also OCUtils.dll and OCUtilsx64.dll library which is...

4.9CVSS0.4AI score0.00466EPSS
Exploits1
Hacker One
Hacker One
added 2019/05/13 3:2 p.m.40 views

Nextcloud: Vulnerable W3 Total Cache plugin version in use on nextcloud.com

Hi there, I noticed you are currently using a vulnerable version of W3 Total Cache, as the changelog containing the plugin version is publicly reachable: https://nextcloud.com/wp-content/plugins/w3-total-cache/changelog.txt W3 Total Cache makes the site vulnerable to a series of attacks, includin...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2019/05/09 5:15 p.m.27 views

Nextcloud: Blind Stored XSS on iOS App due to Unsanitized Webview

Hi Team! I found a Blind XSS can executed on iOS App due to unsanitized webview. Using this issue, attacker can extract information from victim. Steps To Reproduce: 1. Upload malicious HTML, share to victim 2. Waiting victim to open it F487447 F487448 HTML payload attached, don't forget to change...

3.5CVSS0.4AI score0.00783EPSS
Exploits0
Hacker One
Hacker One
added 2019/05/02 7:36 p.m.27 views

Nextcloud: W3 Total Cache plugin multiple vulnerabilities

W3 Total Cache plugin version = 0.9.4.1 on the https://nextcloud.com has multiple vulnerabilities. See the screenshot.png Impact Remote Command Execution, Unauthenticated Security Token Bypass, Unauthenticated Arbitrary File Read etc...

3.6AI score
Exploits0
Hacker One
Hacker One
added 2019/04/28 6:30 p.m.14 views

Nextcloud: External Storage - WebDAV - New user has access to storage from deleted user (same user-ID)

Delete existing user account "user3" Create new user account "user3" Also reported on https://github.com/nextcloud/server/issues/15258 Impact Newly created user with same user-id of a deleted user has access to the configured external webdav storage from the deleted user...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2019/04/23 9:9 a.m.1144 views

Nextcloud: Remote Code Execution via Extract App Plugin

Hi, I found a critical issue in the Add-on "Extract" listed in the Nextcloud Marketplace: https://apps.nextcloud.com/apps/extract This extension can be installed directly from Nextcloud Application The vulnerability was found in file: extract/lib/Controller/ExtractionController.php line 102. The...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2019/04/10 3:16 p.m.24 views

Nextcloud: Combination of content provider allows private data disclosure

Good afternoon. Sorry, its me again .. I use NC on a daily basis so I often makes some checks .. As per 489105, document thumbnail shall not be disclosed. The exposure on thumbnailCache/ is an already know issue. However, malicious apps are still able to extract at least pictures and text files b...

2.1CVSS0.4AI score0.00434EPSS
Exploits1
Hacker One
Hacker One
added 2019/04/03 4:34 a.m.27 views

Nextcloud: In Dockerized Environments, Failing to Read config.php Grants Any Anonymous User Full Admin Access

Consider this deployment: - Nextcloud is already installed in a Dockerized environment. - There are two Nextcloud containers running in the environment. - Both containers share the same MySQL database. - Both containers share the same data /var/www/html/data and config /var/www/html/config via...

1.7AI score
Exploits0
Nextcloud
Nextcloud
added 2019/04/01 12:0 a.m.36 views

2FA sessions not properly expired on password change (NC-SA-2020-001)

A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset...

3.2CVSS1.2AI score0.0032EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2019/03/29 12:20 p.m.35 views

Nextcloud: SQLi allow query restriction bypass on exposed FileContentProvider

FileContentProvider is an exposed provider As per its definition on https://github.com/nextcloud/android/blob/master/src/main/java/com/owncloud/android/providers/FileContentProvider.java, limited set of data shall be exposed as per @l444 switch mUriMatcher.matchuri case ROOTDIRECTORY: case...

2.1CVSS3.6AI score0.00507EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.21 views

openSUSE Security Update : nextcloud (openSUSE-2019-640)

This update for nextcloud to version 13.0.5 fixes the following issues : Security issues fixed : - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...

5.4CVSS5.3AI score0.00769EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.19 views

openSUSE Security Update : nextcloud (openSUSE-2019-511)

This update for nextcloud fixes the following issues : Security issues fixed : - CVE-2018-3761: Fix improper authentication on the OAuth2 token endpoint bsc1100344. - CVE-2018-3762: Fix improper checks of dropped permissions for incoming shares allowing a user to still request previews for files ...

8.1CVSS5.6AI score0.01657EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.22 views

openSUSE Security Update : nextcloud (openSUSE-2019-655)

This update for nextcloud fixes security issues and bugs. Security issues fixed : - CVE-2018-3780: Stored XSS in autocomplete suggestions for file comments boo1114817 This update also contains all bug fixes and improvements in the 13.0.8 version, including : - Password expiration time changed fro...

5.4CVSS5.2AI score0.00769EPSS
Exploits0References2
Hacker One
Hacker One
added 2019/03/26 10:13 a.m.38 views

Nextcloud: [Reflected XSS] In Request URL

In index.php file on 1765 we can see XSS: " Because NextCloud allow links like: '/index.php/ANYCONTENT' If we will do request like: POST /updater/index.php/h"alert1; HTTP/1.1 Host: vulns.local Content-Type: application/x-www-form-urlencoded Content-Length: 33 updater-secret-input=OURSECRET We wil...

3.5CVSS1.1AI score0.00729EPSS
Exploits0
Nextcloud
Nextcloud
added 2019/03/26 12:0 a.m.25 views

Reflected XSS in redirect of the Updater (NC-SA-2020-007)

Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location...

3.5CVSS0.8AI score0.00729EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2019/03/13 5:22 p.m.48 views

Nextcloud: Missing DNSSEC

The nextcloud.com domain does not have DNSSEC enabled...

1.4AI score
Exploits0
Hacker One
Hacker One
added 2019/03/12 3:48 p.m.39 views

Nextcloud: Group admins can remove arbitrary data from "data" directory (including admin data)

Steps to reproduce: 1. Create a new user and make him an admin of an arbitrary group 2. Log in as this new user 3. Create a new user "filesexternal", "appdatarandom-data", .. 4. Delete this user Result: The data/filesexternal / data/appdata.. folder is removed. Solution: Prevent creation of users...

4CVSS3AI score0.01472EPSS
Exploits1
Hacker One
Hacker One
added 2019/03/12 3:45 p.m.38 views

Nextcloud: Nextcloud domain and name of every user leaked to lookup server

Steps to reproduce: 0. Install and set up Nextcloud, optional: create a few random users 1. Apply the following patch to a standard Nextcloud server: patch diff --git a/settings/BackgroundJobs/VerifyUserData.php b/settings/BackgroundJobs/VerifyUserData.php index 56ebadff9c..76ed8b5ed3 100644 ---...

5CVSS0.3AI score0.01924EPSS
Exploits1
Hacker One
Hacker One
added 2019/03/12 3:42 p.m.40 views

Nextcloud: Arbitrary SQL command injection

When querying for users on the lookup server any unauthenticated user could perform an SQL Injection...

7.5CVSS4.1AI score0.01788EPSS
Exploits0
Hacker One
Hacker One
added 2019/03/09 4:46 p.m.23 views

Nextcloud: Able to bypass "Device credentials" Lock

Prepare 1. Enable "Device credentials" lock via the settings. I'm using fingerprint in my case 2. Test if this works by closing the app and open it again. 3. If this works close the app again, do a force close to make sure the application is closed. The next steps need to be done quickly right...

2.1CVSS4.6AI score0.00385EPSS
Exploits0
Rows per page
Query Builder