Nextcloud: Bypass permissions
@secator reported some permission-related issues in Nextcloud Server to us. On request of the reporter the issue has only been disclosed limitedly...
Nextcloud: Unauthenticated Stored XSS
Ohio NextCloud-Sec Team! I know this might be out of scope, but I thought I should tell you. No lies, I thought I'd get more reputation points out of the words. Here is what I'm pointing at: Details: ======== Title: Akismet 2.5.0-3.1.4 - Unauthenticated Stored Cross-Site Scripting (XSS) Reference:...
Nextcloud: Android - Possible to intercept broadcasts about uploaded files
Hi. There are moments when unprotected broadcasts are sent: https://github.com/nextcloud/android/blob/master/src/com/owncloud/android/files/services/FileUploader.java#L1170 https://github.com/nextcloud/android/blob/master/src/com/owncloud/android/files/services/FileUploader.java#L1116...
Nextcloud: Privilege escalation - Normal user can somehow make admin to delete shared folders
@etd reported an issue to us which had already been reported to us by an independent party via our public bug tracker. Thus we were not able to qualify this for a monetary reward. However, we'd like to thank @etd for their report! – On request of the reporter, this issue is only disclosed limitedly...
Nextcloud: Reflected XSS in Gallery App
Go to: nextcloud/index.php/apps/gallery/%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3Ejavascript:alert%280%29//%00 Tested on: Firefox 43.0.1 If you need more information then write me...
Nextcloud: **minor issue** - Nextcloud 10.0 session issue with desktop client and Android client
Scenario: -- Installed Nextcloud 10.0 locally and created "admin" account -- Installed Nextcloud desktop client and Android client. I found a session-related vulnerability in Nextcloud 10.0 where killing a session in Useradmin -- Personal -- Sessions does not actually kill the session in the desktop client. Step...
Nextcloud: Nextcloud 10.0 privilege escalation issue - Normal user can mask external storage shared by admin
Normal user (non-privileged) can mask external storage shared by admin. Scenario: Created three users "admin", "attacker", "victim". Created group "samplegroup" containing all three users with "victim" as group admin. Steps: 1. User "admin" created external storage named "localstrg" (note: name is t...
Nextcloud: Reflected Self-XSS Vulnerability in the Comment section of Files (Different-payloads)
Note: steps mentioned in report 164027. In the Comments Box, the payload to execute XSS is passed. Test Payloads: alert1 Also the above payload is still working. Also try this payload: " fooalert1 Click edit comment after posting. XSS triggers...
Nextcloud: Reflected Self-XSS Vulnerability in the Comment section of Files Information
Vulnerability found in the test domain: demo.nextcloud.com Vulnerability Type: Reflected XSS STEPS TO REPRODUCE: STEP 1: Login to the demo Nextcloud server site using test credentials (demo.nextcloud.com). STEP 2: On the All Files tab, select any file. STEP 3: A tab opens on the right-hand side of the...
Nextcloud: Slow HTTP attack on nextcloud (DoS)
@drosera has reported a slow HTTP attack on nextcloud.com leading to DoS. We've meanwhile mitigated the issue. On request of the reporter, this issue is only disclosed limitedly...
Nextcloud: WordPress: Directory Traversal / Denial of Service
Hello Security team, While testing nextcloud.com I have found that you are not using the latest version of WordPress; you are using old version 4.5.3, which is vulnerable to Directory Traversal / Denial of Service. Description: A path traversal vulnerability was found in the Core Ajax handlers of...
Nextcloud: Expired SSL certificate
I would like to inform you that the SSL certificate for www.nextcloud.org expired on 24 August 2016 at 15:03. Thanks...
Nextcloud: \OCA\DAV\CardDAV\ImageExportPlugin allows serving arbitrary data with user-defined or empty mimetype
The SabreDAV plugin \OCA\DAV\CardDAV\ImageExportPlugin is used for displaying pictures of a VCF. It registers on a GET request on a CardDAV element and acts when the query parameter photo is sent. The logic can be seen below: / Intercepts GET requests on addressbook urls ending with ?photo. @para...
Nextcloud: Information Disclosure of .htaccess file in Private Server/Subdomain
@ahsantahir reported a missing permission check on an internal service allowing the extraction of the .htaccess file. We've fixed this by adjusting the Apache configuration and putting Basic Auth in front of the page. On request of the reporter this is disclosed limitedly. Non-Critical, small...
Nextcloud: Password Reset Link issue
Hello, I found out about an issue in your password reset links and their expiration. Steps to reproduce: Request a password reset link for an account. Login to the account afterwards. Logout and use the link to reset the password. The link would not be expired. Now I know that the links need to expire...
Nextcloud: Content Injection - demo.nextcloud.com
Hi there, Similar as report 161299 , but in this case it's possible to inject the 403 Forbidden page. URL: https://demo.nextcloud.com/.htacess%20Content%20Injection%20test Thanks!...
Nextcloud: Content Injection - apps.nextcloud.com
Hi there, The following URL: https://apps.nextcloud.com/.htacess%20Content%20Injection%20test is vulnerable to Content Injection. Reference: https://www.owasp.org/index.php/ContentSpoofing You should use a 403 Forbidden page. If you need further information, let me know. Thanks!...
Nextcloud: XSS on IOS app via HTML rendering
@bugdiscloseguys reported an issue to us leading to a stored XSS attack on the iOS app. To be exploitable the victim would have to open a malicious file shared by an adversary with the user. On request of the reporter, this issue is only disclosed limitedly. While we usually don't agree to disclo...
Nextcloud: demo.nextcloud.com: Content spoofing due to default Apache Error Page
Hello there, your site is vulnerable to phishing of the users by this vulnerability. Proof of concept...
Nextcloud: Arbitrary File Upload in Logo & Log in image Theming setting.
Hi team, First, I think this vulnerability doesn't fall under your bug bounty program, but this is a bad design that should be fixed right now, because if an attacker gets admin access he can still upload a malicious file on the client/server side. I saw that Logo & Log in image allow uploading other file types...