Nextcloud: No session logout after changing password & also Android sessions not shown in sessions list so they can be deleted
There is no session logout after changing the password, and also, if an admin needs to disconnect an Android session, no Android sessions are shown in the list. If an attacker has the password and somehow logs in using the Android app, he may not be logged out, as there is no session logout after changing the password and...
Nextcloud: Reflected XSS in U2F plugin by shipping the example endpoints
While running a RIPS scan against our instrumented source code it noticed that the file /apps/twofactoru2f/vendor/yubico/u2flib-server/examples/localstorage/index.php echoes user input: F145451 I was first a tad confused because the examples have been removed from our Git repository, but t...
Nextcloud: Limitation of app specific password scope can be bypassed (NC-SA-2017-009)
Limitation of app specific password scope can be bypassed (NC-SA-2017-009). Risk level: Low. CVSS v3 Base Score: 3 (AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N). CWE: Improper Authorization (CWE-285). Description: Improper session handling allowed an application specific password without permission to the files...
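The two entries above describe the same missing controls from opposite sides: a password change that does not revoke the other sessions (including ones from clients the sessions list does not show), and an app password whose file-access scope is not enforced. The following is an added example, not Nextcloud's code; the class and method names (AuthStore, Token, may_access_files) and the token kinds are this example's own assumptions, and the PBKDF2 parameters are illustrative:

```python
"""Added example (hypothetical AuthStore, not Nextcloud code): a token store
that (1) revokes every other token of a user when the password changes, whatever
client created it, (2) lists every live token so an admin can see them, and
(3) makes file endpoints check an app password's scope, not just its validity."""
import hashlib
import os
import secrets
from dataclasses import dataclass


@dataclass
class Token:
    user: str
    kind: str                      # "browser" | "android" | "app_password" (assumed kinds)
    filesystem_access: bool = True  # scope granted when the app password was created
    revoked: bool = False


class AuthStore:
    def __init__(self):
        self.passwords = {}        # user -> (salt, pbkdf2 digest)
        self.tokens = {}           # token id -> Token

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.passwords[user] = (salt, self._hash(password, salt))

    def login(self, user, password, kind="browser", filesystem_access=True):
        """Return a new token id, or None if the password is wrong."""
        salt, digest = self.passwords[user]
        if not secrets.compare_digest(digest, self._hash(password, salt)):
            return None
        tid = secrets.token_urlsafe(16)
        self.tokens[tid] = Token(user, kind, filesystem_access)
        return tid

    def list_sessions(self, user):
        """Every live token of the user, regardless of which client created it."""
        return sorted((t.kind, tid) for tid, t in self.tokens.items()
                      if t.user == user and not t.revoked)

    def change_password(self, user, current_tid, new_password):
        self.set_password(user, new_password)
        # the session that performed the change survives; every other one is revoked
        for tid, t in self.tokens.items():
            if t.user == user and tid != current_tid:
                t.revoked = True

    def is_valid(self, tid):
        t = self.tokens.get(tid)
        return t is not None and not t.revoked

    def may_access_files(self, tid):
        """What a file endpoint must ask: valid AND in scope, not only valid."""
        t = self.tokens.get(tid)
        return self.is_valid(tid) and t.filesystem_access
```

A real deployment would persist the token table and look up the scope on every files/WebDAV request; the point of the example is that revocation is keyed on the user, not on the client type, and that scope is a property of the token checked at the resource, not at login.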
Nextcloud: Stored XSS on new Calling plugin (spreed)
There's a stored XSS vulnerability .... Proof Of Concept : =============== 1. Set the name as an XSS payload like "x. F143238 2. Invite people to a single call room. 3. The XSS will execute in IE; it doesn't support CSP. F143237 Impact : ======== The admin user can be XSSed via this method if the admin uses a browser...
Nextcloud: BruteForce in to Admin Account
Hello, I am Abdulwahab. I want to alert you that your website is facing a serious problem called Username Enumeration. This problem is on nextcloud.com/wp-admin. We use wpscan to get the username, and the username is "frank". After getting the username, a user can brute-force it using wpscan and get acces...
Nextcloud: Login Hints on Admin Panel
Hi, hope you are doing fine. I wanted to inform you regarding the login hints being enabled on your wp-admin panel https://nextcloud.com/wp-login.php. Vulnerability: The admin panel shows very "specific" hint information if a hacker tries a brute-forcing attack. Steps to reproduce: 1. Navigat...
Nextcloud: Wordpress Version Disclosure Bug On Nextcloud
Hi @nextcloud, Description: WordPress version disclosure. Affected items: https://nextcloud.com/readme.html https://nextcloud.com/wp-admin/install.php https://nextcloud.com/wp-login.php The impact of this vulnerability: Possible WordPress version information disclosure. You are using WordPress 4.6.1...
Nextcloud: Files Drop: WebDAV endpoint is leaking existence of resources
The new WebDAV endpoint implementation in 11 leaks too much information if one executes a MKCOL or a PUT against an existing item. With Files Drop one should only be able to upload files, not learn whether any items exist. Leaking existence using PUT: When doing a PUT the expectation is to...
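To make the oracle concrete: an anonymous uploader who gets a different status for a name that is taken than for a name that is free can enumerate the drop folder one guess at a time. The following toy handler is an added example, not Nextcloud's WebDAV code; the FilesDrop class, the status codes chosen for the leaky variant and the "name (2).ext" rename rule of the hardened variant are this example's own assumptions, not the fix Nextcloud shipped:

```python
"""Added example (hypothetical FilesDrop class, not Nextcloud code).
Leaky mode answers PUT/MKCOL on an existing name with a different status than
on a fresh name. Hardened mode never refuses: a colliding name is stored under a
unique name, so the anonymous client sees 201 in every case."""
import os


class FilesDrop:
    def __init__(self, hardened):
        self.hardened = hardened
        self.files = {}      # name -> bytes
        self.dirs = set()

    def _exists(self, name):
        return name in self.files or name in self.dirs

    def _unique(self, name):
        """name, or 'stem (2).ext', 'stem (3).ext', ... until it is free."""
        if not self._exists(name):
            return name
        stem, ext = os.path.splitext(name)
        n = 2
        while self._exists(f"{stem} ({n}){ext}"):
            n += 1
        return f"{stem} ({n}){ext}"

    def put(self, name, body):
        if not self.hardened:
            if self._exists(name):
                return 403      # "already exists": distinguishable from 201 (assumed code)
            self.files[name] = body
            return 201
        self.files[self._unique(name)] = body
        return 201

    def mkcol(self, name):
        if not self.hardened:
            if self._exists(name):
                return 405      # WebDAV's usual answer for MKCOL on an existing resource
            self.dirs.add(name)
            return 201
        self.dirs.add(self._unique(name))
        return 201


def is_oracle(hardened):
    """Seed a drop with one file (constructed) and check whether an anonymous
    PUT or MKCOL against that name answers differently from a free name."""
    drop = FilesDrop(hardened)
    drop.put("report.pdf", b"owner data")
    put_differs = drop.put("report.pdf", b"p") != drop.put("probe-1.pdf", b"p")
    mkcol_differs = drop.mkcol("report.pdf") != drop.mkcol("probe-2")
    return put_differs or mkcol_differs
```

The check to run against a real endpoint is the same shape as is_oracle: one request against a name you know exists, one against a name that cannot exist, and a comparison of status, headers and body length; any difference is the leak.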
Content-Spoofing in "dav" app - ownCloud
The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. Affected Software ownCloud Server 9.1.2 CVE-2016-???? core/96b8afe48570bc70088ccd8f897e9d71997d336e ownCloud Server 9.0.6 CVE-2016-????...
Stored XSS in CardDAV image export - ownCloud
The CardDAV image export functionality as implemented in ownCloud allows the download of images stored within a vCard. Because no verification of the image content is performed, it is prone to a stored Cross-Site Scripting attack. Note: ownCloud employs a very strict Content Security...
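The practitioner's fix for an export endpoint like this is to derive the response type from the bytes, not from what the vCard claims, and to send headers that keep the browser from rendering the payload inline. The following is an added example, not ownCloud's or Nextcloud's code; the vCard samples are constructed, the SVG payload is this example's illustration of a scriptable "image" type (the advisory does not say which payload was used), and the function names are assumptions:

```python
"""Added example (not ownCloud/Nextcloud code): export a vCard PHOTO only after
checking that its bytes are a raster image, and with headers that prevent inline
rendering. verify=False reproduces the shape of the reported behaviour: the
declared TYPE parameter decides the Content-Type."""
import base64

# magic bytes of the formats this endpoint is willing to return (assumed allowlist)
SIGNATURES = {
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}


def sniff_image(data):
    for magic, mime in SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return None


def make_vcard(declared_type, data):
    """Constructed sample vCard 3.0 with one inline PHOTO (not a real export)."""
    b64 = base64.b64encode(data).decode()
    return ("BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Sample\r\n"
            f"PHOTO;ENCODING=b;TYPE={declared_type}:{b64}\r\nEND:VCARD\r\n")


def parse_photo(vcard):
    """(declared TYPE lower-cased, decoded bytes) of the PHOTO line, or None.
    Folded continuation lines (CRLF + space) are unfolded first."""
    unfolded = vcard.replace("\r\n ", "").replace("\n ", "")
    for line in unfolded.splitlines():
        if not line.upper().startswith("PHOTO"):
            continue
        head, _, value = line.partition(":")
        params = dict(p.split("=", 1) for p in head.split(";")[1:] if "=" in p)
        declared = params.get("TYPE", params.get("type", "")).lower()
        return declared, base64.b64decode(value)
    return None


def export_photo(vcard, verify=True):
    """(status, headers, body) for a GET on the photo export endpoint."""
    parsed = parse_photo(vcard)
    if parsed is None:
        return 404, {}, b""
    declared, data = parsed
    if not verify:
        # vulnerable shape: attacker-controlled TYPE becomes the response type
        return 200, {"Content-Type": f"image/{declared}"}, data
    mime = sniff_image(data)
    if mime is None:
        return 400, {}, b""              # not a known raster image: refuse to serve
    return 200, {
        "Content-Type": mime,            # from the bytes, not from the vCard
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": 'attachment; filename="photo"',
    }, data
```

The strict CSP the advisory goes on to mention is the second layer; the first is that the endpoint never echoes attacker bytes under a renderable type, which is what the sniff plus nosniff plus attachment disposition enforce.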
OwnCloud/NextCloud Cross-Site Scripting Vulnerability
OwnCloud is a free and open source personal cloud storage solution from OwnCloud Germany. Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform. OwnCloud Server and Nextcloud Server are the server components of the two products. A cross-site scriptin...
Nextcloud: Content Spoofing in "files" app
@ahsantahir reported a Content Spoofing Vulnerability in the Nextcloud Server. The related security advisory can be found at https://nextcloud.com/security/advisory/?id=nc-sa-2017-006 On request of the reporter the issue has only been disclosed limitedly...
Nextcloud Server Cross-Site Scripting Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform. Nextcloud Server has a cross-site scripting vulnerability in the CardDAV image output. An attacker can exploit this vulnerability to launch an XSS attack...
Nextcloud Server Authentication Bypass Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform. Nextcloud Server has an authentication bypass vulnerability in SMB. An unauthenticated attacker can exploit this vulnerability to bypass security mechanisms and access the SMB serv...
Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2016-10262)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform. Nextcloud Server has a cross-site scripting vulnerability in Gallery because Gallery fails to adequately handle exception messages. An attacker can exploit this vulnerability to...
Nextcloud Server Content Spoofing Vulnerability (CNVD-2016-10259)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform. Nextcloud Server has a content spoofing vulnerability in the "files" app. The vulnerability is caused by displaying an error message on the endpoint that puts input under the...
Nextcloud Server Content Spoofing Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform. Nextcloud Server has a content spoofing vulnerability in the "dav" app. The vulnerability is caused by displaying an error message on the endpoint that puts input under the...
Nextcloud: xss on demo.nextcloud.com due to outdated version
Hello. I found the possibility of introducing an "html-tag" and of an XSS attack in the form of adding comments. Details: video. Payload: Browser: Firefox 49.0 OS: Ubuntu 16.04...
Nextcloud: Content spoofing due to the improper behavior of the 403 page in Private Server
@ahsantahir reported a content spoofing vulnerability on an internal server. We've fixed this by adjusting the Apache configuration. On request of the reporter this is disclosed limitedly...
Nextcloud: URI scheme bypass in mail app lead to HTML content spoof and opener control
Bug: When we load an HTML mail from the mailbox via the API, e.g. http://nextcloud/index.php/apps/mail/accounts//folders/SU5CT1g=/messages//html our content will be passed to HTML Purifier to strip malicious XSS patterns. After that, a filter will apply to transform acceptable URI schemes http, https, ftp,...
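The scheme filter described above is the step that decides whether a link in sanitised mail HTML is allowed to stay clickable, and the title's "opener control" points at the other property of a mail link worth fixing, target=_blank without rel=noopener. The following is an added example, not the Nextcloud mail app's filter or HTML Purifier; the bypass the report found is not reproduced here (the snippet does not say what it was). Instead the example contrasts a generic weak check, a deny-list prefix test on the raw string, with a scheme parser that strips leading control characters and whitespace, removes embedded tabs and newlines, lower-cases, and applies an allowlist. The ALLOWED set, the function names and the LinkRewriter class are this example's assumptions:

```python
"""Added example (not the Nextcloud mail app's code): robust URI-scheme
allowlisting for links in already-sanitised HTML, plus rel=noopener on
target=_blank links, contrasted with a naive deny-list prefix check."""
import html
import re
from html.parser import HTMLParser

ALLOWED = {"http", "https", "ftp", "mailto"}        # assumed allowlist
_SCHEME = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.-]*):")
_LEADING = "".join(chr(c) for c in range(0x21))   # C0 controls and space


def weak_allows(href):
    """Naive filter: deny-list on the raw string. Fooled by leading
    whitespace and by a tab inside the scheme name."""
    return not href.lower().startswith(("javascript:", "data:", "vbscript:"))


def scheme_of(href):
    """Scheme as a browser would see it: leading controls/whitespace ignored,
    tab/CR/LF inside the string removed, name case-insensitive. None if relative."""
    cleaned = re.sub(r"[\t\n\r]", "", href.strip(_LEADING))
    m = _SCHEME.match(cleaned)
    return m.group(1).lower() if m else None


def hardened_allows(href):
    scheme = scheme_of(href)
    return scheme is not None and scheme in ALLOWED   # relative links rejected too


class LinkRewriter(HTMLParser):
    """Re-emit the fragment, dropping disallowed hrefs and adding rel=noopener."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        self.out.append(self._emit(tag, attrs, ""))

    def handle_startendtag(self, tag, attrs):
        self.out.append(self._emit(tag, attrs, " /"))

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def _emit(self, tag, attrs, close):
        attrs = dict(attrs)
        if tag == "a" and "href" in attrs:
            href = attrs["href"] or ""
            if not hardened_allows(href):
                self.dropped.append(href)
                del attrs["href"]            # keep the text, lose the link
            elif attrs.get("target") == "_blank":
                attrs["rel"] = "noopener noreferrer"   # no window.opener for the target
        rendered = "".join(f' {k}="{html.escape(v or "", quote=True)}"'
                           for k, v in attrs.items())
        return f"<{tag}{rendered}{close}>"


def rewrite_links(fragment):
    """(rewritten fragment, list of hrefs that were removed)."""
    p = LinkRewriter()
    p.feed(fragment)
    p.close()
    return "".join(p.out), p.dropped
```

Run the filter after the sanitiser, as the report's pipeline does, and on the attribute value as parsed, never on the raw source text: the parser already has decoded entity references, which is exactly where a string-level check and the browser's view of the URI diverge.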