4993 matches found

Prion · added 2018/03/01 8:29 p.m. · 14 views

Code injection

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...

CVSS 9 · AI score 7.2 · EPSS 0.01202
Exploits 0 · References 3 · Affected software 1
Cvelist · added 2018/03/01 7:00 p.m. · 15 views

CVE-2017-9286 nextcloud package security issues with /srv/www/htdocs

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...

CVSS 7.8 · AI score 8.9 · EPSS 0.01202
Exploits 0 · References 3
CVE · added 2018/03/01 7:00 p.m. · 55 views

CVE-2017-9286

The CVE-2017-9286 issue affects openSUSE's Nextcloud packaging: upgrading the nextcloud package could allow a local attacker running as wwwrun to escalate to root through unsafe handling of /srv/www/htdocs. The vulnerability stems from a race condition involving a /tmp file during the upgrade. Reme...

CVSS 9 · AI score 8.4 · EPSS 0.01202
Exploits 0 · References 3 · Affected software 1
Hacker One · added 2018/02/20 1:00 a.m. · 41 views

Nextcloud: twofactor_auth bypassable if provider fails to load

Just want to preface this by saying that this is probably not a significant vulnerability, as it requires that the server either have recently been incorrectly upgraded or otherwise misconfigured. However in the administration of my own personal NextCloud instance I have hit this several times...

CVSS 4.3 · AI score 1.2 · EPSS 0.00811
Exploits 0
Hacker One · added 2018/01/23 12:40 p.m. · 12 views

Nextcloud: Email notification should be sent when changing password on apps.nextcloud.com

Hi, there is an issue with the password reset functionality in Nextcloud: the user does not receive a notification when they reset their password. Issue: the user does not always get a notification about a password change. When a user changes their password, a notification is not sent to the user. It is good to always send...

AI score 7
Exploits 0
Hacker One · added 2017/12/14 4:42 a.m. · 32 views

Nextcloud: Registered users can change app password permissions for any user

Vulnerable URL: http://server/nextcloud/index.php/settings/personal/authtokens/<token ID>. Summary: Nextcloud users can create app-specific passwords, also called authtokens, giving an app limited access to their account. Users can grant or deny access to their files for each app password. The functio...

CVSS 4.9 · AI score 5.7 · EPSS 0.00778
Exploits 0
Hacker One · added 2017/11/20 3:55 a.m. · 222 views

Nextcloud: SQL Injection found in NextCloud Android App Content Provider

Using Drozer, we identified that com.nextcloud.client is vulnerable to SQL injection. Here is the output from drozer: dz> run scanner.provider.injection -a com.nextcloud.client Scanning com.nextcloud.client... Not Vulnerable: content://com.nextcloud.android.providers.UsersAndGroupsSearchProvider...

CVSS 7.5 · AI score 1.4 · EPSS 0.02019
Exploits 0
Hacker One · added 2017/10/18 3:30 p.m. · 21 views

Nextcloud: Broken link for wrong domain entry may be leveraged for Phishing, Misinformation, Serving Malware

Hi Team, Page: https://nextcloud.com/news/16/ Broken link for incorrect DNS entry: it seems like a typo that makes the TLD .comg instead of .com. Beyond the usability issue for users, it poses a security risk, as .comg could be claimed as a gTLD since it is not a reserved TLD. Similar to...

Exploits 0
Tenable Nessus · added 2017/10/04 12:00 a.m. · 25 views

openSUSE Security Update : nextcloud (openSUSE-2017-1121)

This update for nextcloud fixes the following issues: - CVE-2017-9286: During upgrade of the nextcloud package, local attackers could gain root access via a /tmp file race. boo1036756 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVSS 9 · AI score 7.7 · EPSS 0.01202
Exploits 0 · References 2
Hacker One · added 2017/09/24 4:36 a.m. · 11 views

Nextcloud: NextCloud is also accepting OCTET-STREAM type documents instead of JPG or image files only

Summary: I noticed that NextCloud is accepting OCTET-STREAM type files where you have the Background/Logo upload option. I believe that NextCloud is checking for such types of files, but I can upload application/octet-stream type documents by crafting a special type of file. In this case I created...

AI score 0.6
Exploits 0
Positive Technologies · added 2017/09/21 12:00 a.m. · 5 views

PT-2018-16194 · Nextcloud +1 · Nextcloud Server +1

Name of the vulnerable software and affected versions: Nextcloud Server versions prior to 12.0.3; Nextcloud Server versions prior to 11.0.5. Description: The issue is related to improper input validation, which could allow an attacker's actions to remain unlogged in the audit log. Recommendations...

CVSS 8.8 · AI score 5.4 · EPSS 0.01263
Exploits 0 · References 9
Positive Technologies · added 2017/09/21 12:00 a.m. · 5 views

PT-2018-16193 · Nextcloud +1 · Nextcloud Server +1

Name of the vulnerable software and affected versions: Nextcloud Server versions prior to 12.0.3. Description: The issue allows an attacker who has obtained user credentials to bypass two-factor authentication due to improper authentication. Recommendations: For versions prior to 12.0.3, update to...

CVSS 8.8 · AI score 5.6 · EPSS 0.01263
Exploits 0 · References 9
Hacker One · added 2017/09/19 11:46 p.m. · 33 views

Nextcloud: WordPress < 4.8.2 vulnerable to multiple attacks

Hello team, Summary: I observed that your website https://nextcloud.com still uses WP older than 4.8.2, which is vulnerable to multiple attacks. I reported it so that the team will be aware of it; below are the newly discovered bugs that you can find in this release:...

AI score 6.9
Exploits 0
Hacker One · added 2017/09/19 10:42 a.m. · 43 views

Nextcloud: Banner Grabbing - Apache Server Version Disclosure

Hello Nextcloud, I'd like to report a nice little bug. Banner grabbing is a technique used to gain information about a remote server. Additionally, this technique is used to get information about remote servers. I've captured the HTTP request while visiting https://customerupdates.nextcloud.com an...

Exploits 0
Hacker One · added 2017/08/29 8:09 p.m. · 18 views

Nextcloud: Nextcloud logs LDAP passwords

When the LDAP server is temporarily unavailable, data like the attached ends up in log files. I've replaced usernames with XXXUSERnXXX and passwords with XXXPASSnXXX. It seems that at least the following are missing from $methodsWithSensitiveParameters in lib/private/Log.php: - bind -...

AI score 4
Exploits 0
Hacker One · added 2017/08/18 9:25 a.m. · 37 views

Nextcloud: Disabled user can reset their password

Steps:
1. Create a user and disable the account.
2. Go to reset password and enter the disabled user's email address.
A password reset link is sent and they can reset the password using that link. The point is: a disabled user can still access their account via the reset password page. This is a very minor issue...

AI score 1.3
Exploits 0
Hacker One · added 2017/08/15 6:09 a.m. · 26 views

Nextcloud: Information Exposure Through Directory Listing

Hello. I found open directories on the site https://apps.nextcloud.com which can be viewed by any unauthorized user. There is an error at https://apps.nextcloud.com/static/. F212856 All directories and the files in them, starting with /static/, can be viewed or downloaded with all their content. Perhap...

AI score 0.7
Exploits 0
Hacker One · added 2017/08/08 8:58 p.m. · 20 views

Nextcloud: Access to all files of remote user through shared file

Steps to reproduce:
1. User A shares a file "movie.mp4" with user B.
2. User B uses WebDAV to access files, e.g. FolderSync or Nautilus.
3. The share is shown as a regular file using WebDAV.
4. Copy the file and paste it into the same folder, still using WebDAV.
5. A new folder will appear with the name...

AI score 0.7
Exploits 0
Hacker One · added 2017/08/02 2:53 p.m. · 21 views

Nextcloud: WebDAV Empty Property search leads to full CPU usage

Tested with the following versions: - owncloud:10.0 - nextcloud:12.0, with mariadb in place. A PROPFIND on nextcloud/remote.php/webdav/ with XML as the body causes full CPU utilization of one Apache worker process. In curl form: curl -i --user testuser:testpass -X PROPFIND -d ''...

AI score 0.7
Exploits 0
Hacker One · added 2017/07/12 10:10 a.m. · 148 views

Nextcloud: bypass of 2FA

Improper protection of the 2FA login made a bypass of the 2FA possible. The bug required knowledge of the user's credentials but effectively rendered the 2FA ineffective. The issue has been fixed by the Nextcloud team and has been validated by the reporter...

CVSS 4 · AI score 3.4 · EPSS 0.01234
Exploits 0