Nextcloud: Missing Rate Limiting protection leading to mass triggering of e-mails
The issue is that a speed bump is missing in the subscription of e-mail for a user. This would eventually let the attacker spam any random e-mail address, resulting in exhaustion of resources on your side, and I see that you are using Amazon AWS's SES, where you are charged per e-mail. If a dedicat...
Nextcloud: Cross Site Scripting
Hello team, While I was hunting https://help.nextcloud.com, I found XSS there in the comment/reply box. Steps to reproduce: 1. Go to https://help.nextcloud.com. 2. Click on any one; I'm selecting "Welcome to the Nextcloud forums". 3. Sign in or sign up to your account. 4. Click Reply. 5. Type or paste:...
Nextcloud: information disclose
Hello Team. I reported an issue: disclosure of the SERVER version! When I intercept this https://demo.nextcloud.com/ request, it discloses the server version: Server: Apache/2.4.6 CentOS OpenSSL/1.0.1e-fips. As you can see in this pic, or you can intercept the URL using any proxy tool like Burp Suit...
Nextcloud: Stored XSS in Gallery application (NC-SA-2017-010)
Stored XSS in Gallery application NC-SA-2017-010 Risk level: Low CVSS v3 Base Score: 3 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N CWE: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CWE-79 Description A JavaScript library used by Nextcloud for sanitizing untrusted...
Nextcloud: Content (Text) Injection at https://nextcloud.com
Hi, I may have found a Content/Text Injection on this domain https://nextcloud.com. PoC: https://nextcloud.com/federation/[email protected] and please fill your account information in http://form.google.com/xasw Let me know if you need more information...
Nextcloud: Clickjacking In https://demo.nextcloud.com
Hi Nextcloud, Clickjacking in https://demo.nextcloud.com. This is Zeeshan, an ethical hacker. I have found a security issue in your site: clickjacking in Nextcloud, the https://demo.nextcloud.com page. Website is vulnerable to clickjacking! Please fix it as soon as possible. Best regards, Zeeshan Waheed...
Nextcloud: Possible SSRF in email server settings(SMTP mode)
Description: Vulnerable address https://demo.nextcloud.com/xxx/settings/admin/additional; when you change the SMTP server address, you will get some different hints. Reproduce steps: 1. Go to https://demo.nextcloud.com/xxx/settings/admin/additional, choose SMTP mode. 2. Set server address to "172.17.1.0", then you...
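The report above probes internal addresses through an admin-controlled SMTP host and reads the differing error hints. One defence is to resolve the configured host and refuse anything that is not a public address, with a single generic error for every rejection. The code below is an added illustration, not Nextcloud's own SMTP-settings code; the resolver is injectable so the check runs offline, and the hostnames in the test are constructed.

```python
import ipaddress
import socket
from typing import Callable, List


def resolve_all(host: str) -> List[str]:
    """Default resolver: every A/AAAA answer for host (real DNS; replaced in tests)."""
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0] for info in infos})


def is_internal(ip_text: str) -> bool:
    """True for anything an SMTP host must not point at: loopback, RFC 1918,
    link-local (including 169.254.169.254 metadata endpoints), CGNAT, multicast, reserved."""
    ip = ipaddress.ip_address(ip_text)
    # An IPv4-mapped IPv6 literal (::ffff:10.0.0.5) is judged by the embedded IPv4 address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not ip.is_global


def validate_smtp_host(host: str,
                       resolver: Callable[[str], List[str]] = resolve_all) -> List[str]:
    """Return the resolved addresses if every one of them is public; raise ValueError otherwise.

    Every DNS answer is checked, not just the first: a name with one public and one
    internal record would otherwise pass and then be connected to internally.
    The caller should connect to one of the returned IPs rather than re-resolving the
    name, so an answer that changes between check and use cannot bypass the check.
    """
    host = host.strip().strip("[]")  # accept bracketed IPv6 literals
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal: nothing to resolve
    except ValueError:
        addrs = resolver(host)
    if not addrs:
        raise ValueError("SMTP host could not be validated")
    if any(is_internal(a) for a in addrs):
        # One message for every rejection: distinct hints per target are the oracle
        # the report above relied on.
        raise ValueError("SMTP host could not be validated")
    return addrs


def smtp_host_ok(host: str, resolver: Callable[[str], List[str]] = resolve_all) -> bool:
    """Boolean wrapper around validate_smtp_host for callers that only need a verdict."""
    try:
        validate_smtp_host(host, resolver)
        return True
    except ValueError:
        return False


# Constructed lookup table standing in for DNS, so the example runs without a network.
FAKE_DNS = {
    "mail.example.net": ["8.8.8.8"],
    "split.example.net": ["8.8.8.8", "10.0.0.5"],   # split-horizon style mixed answers
}

if __name__ == "__main__":
    for h in ("172.17.1.0", "169.254.169.254", "mail.example.net", "split.example.net"):
        print(h, smtp_host_ok(h, lambda n: FAKE_DNS.get(n, [])))
```

The check is deliberately strict about any non-global address rather than listing RFC 1918 ranges by hand, so link-local, loopback, shared address space and IPv6 unique-local ranges are covered by the same test.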
Nextcloud: The email API to test email-server settings is unlimited and can be used as a email bomb
Description: The email-server settings test function in https://demo.nextcloud.com/xxx/settings/admin/additional is unlimited and can be used as an email bomb. The test email API is https://demo.nextcloud.com/xxx/settings/admin/mailtest. Reproduce steps: 1. Go to...
Nextcloud: The email API to reset password is unlimited and can be used as a email bomb
Description: The email API https://demo.nextcloud.com/qazxsw/lostpassword/email to reset the password is unlimited and can be used as an email bomb. Reproduce steps: 1. Every instant trial's link is https://demo.nextcloud.com/yourname, and it always has a default user admin. 2. Then I try to visit one...
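Three of the reports above (the missing speed bump on e-mail subscription, the mail-test endpoint and the password-reset endpoint) are the same defect: an endpoint that sends mail on request with no limit. An added example follows of the kind of limiter that closes it; it is not Nextcloud's code. It enforces two independent sliding windows, one per client IP and one per recipient address, so that a single client cannot fire unbounded requests and many clients cannot all target one mailbox. The limits and the request trace are constructed for the demonstration.

```python
import time
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Tuple


class EmailRateLimiter:
    """Sliding-window limits for endpoints that send mail on an unauthenticated request.

    A request is sent only if BOTH keys are under their limit:
      * per client IP, so one attacker cannot fire unlimited requests, and
      * per recipient address, so many IPs cannot flood a single mailbox
        (and a victim's mailbox, not just the sender's SES bill, is protected).
    """

    def __init__(self, per_ip: Tuple[int, float] = (5, 300.0),
                 per_recipient: Tuple[int, float] = (3, 3600.0)):
        # (max sends, window in seconds); values here are illustrative
        self.limits = {"ip": per_ip, "rcpt": per_recipient}
        self.hits: Dict[Tuple[str, str], Deque[float]] = defaultdict(deque)

    def _under_limit(self, kind: str, value: str, now: float) -> bool:
        limit, window = self.limits[kind]
        q = self.hits[(kind, value)]
        while q and now - q[0] >= window:   # drop sends that have left the window
            q.popleft()
        return len(q) < limit

    def allow(self, client_ip: str, recipient: str, now: Optional[float] = None) -> bool:
        """True if a mail may be sent now; records the send. Denied requests are not recorded."""
        now = time.monotonic() if now is None else now
        rcpt = recipient.strip().lower()    # Alice@Example.org and alice@example.org share a key
        if not (self._under_limit("ip", client_ip, now) and
                self._under_limit("rcpt", rcpt, now)):
            return False
        self.hits[("ip", client_ip)].append(now)
        self.hits[("rcpt", rcpt)].append(now)
        return True


def simulate(requests: List[Tuple[float, str, str]]) -> List[bool]:
    """Replay a constructed trace [(t_seconds, client_ip, recipient), ...] and return the decisions."""
    limiter = EmailRateLimiter()
    return [limiter.allow(ip, rcpt, now=t) for t, ip, rcpt in requests]


# Constructed trace: one client hammering the reset endpoint for "admin", then spreading out.
TRACE = [
    (0,    "198.51.100.7", "admin@example.org"),   # sent
    (1,    "198.51.100.7", "admin@example.org"),   # sent
    (2,    "198.51.100.7", "ADMIN@example.org"),   # sent (3rd to this mailbox)
    (3,    "198.51.100.7", "admin@example.org"),   # denied: recipient limit
    (4,    "203.0.113.9",  "admin@example.org"),   # denied: other IP, same mailbox
    (5,    "198.51.100.7", "bob@example.org"),     # sent (IP's 4th)
    (6,    "198.51.100.7", "carol@example.org"),   # sent (IP's 5th)
    (7,    "198.51.100.7", "dave@example.org"),    # denied: IP limit
    (301,  "198.51.100.7", "dave@example.org"),    # sent: two early hits left the 300 s window
    (3600, "203.0.113.9",  "admin@example.org"),   # sent: first recipient hit aged out
]

if __name__ == "__main__":
    print(simulate(TRACE))
```

Keying on the recipient as well as the client is what actually stops the "charged per e-mail" outcome the first report describes: a per-IP limit alone is defeated by a small pool of addresses.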
Nextcloud: Content Spoofing/Text Injection in https://demo.nextcloud.com
Greetings, Hello Team, I have found a Content Spoofing/Text Injection on this domain https://demo.nextcloud.com. PoC URL: https://demo.nextcloud.com/wp-content/cache/minify/%0d%0ahas%20moved%20to%20www.attacker.com.Please%20visit%20attacker.com%20present%20resource PoC Screen Shot: Let me know if y...
Nextcloud: GIT Detected
Hello team, While I was testing nextcloud.com, I detected GIT repository files. GIT repository files can disclose GIT repository usernames and file lists. While disclosures of this type do not provide direct attack vectors, they can be useful for an attacker when combined with other...
Nextcloud: CSRF token validation is missing
Greetings, Hello Security Team, Summary: I know this is a medium-risk issue, but I want you guys to be aware that the CSRF token validation is missing at the time of login on the https://portal.nextcloud.com/login.php login page. PoC Code: Email Password Login Now Forgot Password? var tabs = '';...
Nextcloud: https://portal.nextcloud.com/.htaccess file is readable
@mksahilisr reported a disclosure of the .htaccess file on https://portal.nextcloud.com. This has been resolved by adding the following to the Apache server configuration: order allow,deny deny from all Since the .htaccess file contained some potentially sensitive data, this report has only been...
Nextcloud: Delete All Data of Any User
If you are a user with permission to manage users (admin group), you can delete all data off the website. Steps: 1. Create a new user with the username '.'. 2. Delete the user who has just been created. Cause: when you create a new user, the Nextcloud app makes a new folder with the same name as the username, which has been...
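The report above turns on one path operation: the per-user folder is built as the data root plus the username, and for the username '.' that is the data root itself, so deleting "the user's folder" deletes everyone's data. The snippet below is an added reconstruction of that pattern and of a hardened replacement; it is not Nextcloud's user-management code, and the data-root path is an assumed layout used only for illustration.

```python
import posixpath

DATA_ROOT = "/var/www/nextcloud/data"   # assumed layout: one folder per user directly below it


def user_folder_naive(root: str, username: str) -> str:
    """The pattern the report describes: folder = root joined with the raw username.

    For '.' the result normalises to the root itself; for '..' it is the parent of
    the root. Anything that later does rm -rf on this path removes far more than
    one user's data.
    """
    return posixpath.normpath(posixpath.join(root, username))


def validate_username(username: str) -> str:
    """Accept only names that are a single, plain path component."""
    if not username or username in (".", ".."):
        raise ValueError("reserved path name")
    if any(c in username for c in "/\\\0"):
        raise ValueError("path separators and NUL are not allowed")
    if username != username.strip():
        raise ValueError("leading or trailing whitespace is not allowed")
    return username


def user_folder_safe(root: str, username: str) -> str:
    """Validate the name, then confirm the result is a direct child of root before any disk access.

    The second check is defence in depth: even if validate_username is later relaxed,
    a path whose parent is not the data root is never handed to a delete routine.
    """
    path = posixpath.normpath(posixpath.join(root, validate_username(username)))
    if posixpath.dirname(path) != posixpath.normpath(root):
        raise ValueError("user folder escapes the data root")
    return path


def username_is_safe(username: str, root: str = DATA_ROOT) -> bool:
    """Verdict-only wrapper around user_folder_safe."""
    try:
        user_folder_safe(root, username)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name in (".", "..", "../alice", "alice"):
        print(repr(name), user_folder_naive(DATA_ROOT, name), username_is_safe(name))
```

posixpath is used instead of os.path so the demonstration behaves the same on every platform; a real deployment would apply the same two checks with the platform's own path module and, on Windows, also reject drive letters and reserved device names.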
Nextcloud Denial of Service Vulnerability
Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud (Germany); Nextcloud Server is its server component. A denial of service vulnerability exists in Nextcloud Server versions prior to 9.0.55 and prior to 10.0.2. An attacker...
Nextcloud OCS API Elevation of Privilege Vulnerability
Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud (Germany); Nextcloud Server is its server component. An elevation of privilege vulnerability exists in Nextcloud Server versions prior to 9.0.55 and prior to 10.0.2. An...
Nextcloud Quota Limit Bypass Vulnerability
Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud (Germany); Nextcloud Server is its server component. A security vulnerability exists in Nextcloud Server versions prior to 9.0.55 and prior to 10.0.2, which stems from the...
Nextcloud Information Disclosure Vulnerability
Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud (Germany); Nextcloud Server is its server component. An information disclosure vulnerability exists in Nextcloud Server versions prior to 9.0.55 and prior to 10.0.2. The vulnerabili...
Nextcloud Unauthorized Folder Creation Vulnerability
Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud (Germany); Nextcloud Server is its server component. An unauthorized folder creation vulnerability exists in Nextcloud Server versions prior to 9.0.55 and prior to...
Nextcloud Server Content Spoofing Vulnerability (CNVD-2017-05596)
Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform. A content spoofing vulnerability exists in Nextcloud Server. An attacker could exploit this issue to manipulate and spoof content, which could facilitate further attacks...