637 matches found
CVE-2024-52270
User Interface UI Misrepresentation of Critical Information vulnerability in DropBox SignHelloSign allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only...
CVE-2024-52270 PDF Document Spoofing in DropBox Sign(HelloSign)
User Interface UI Misrepresentation of Critical Information vulnerability in DropBox SignHelloSign allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only...
CVE-2024-52270
DropBox Sign (HelloSign) is affected by a UI misrepresentation vulnerability (Content Spoofing) affecting versions through 2024-12-04. The issue is observed when printing the UI; the layered content is not flattened in print previews, potentially enabling spoofed content disclosure. Concrete deta...
PT-2024-35141 · Dropbox · Dropbox Sign
Name of the Vulnerable Software and Affected Versions: DropBox SignHelloSign versions through 2024-12-04 Description: The issue is related to a User Interface UI Misrepresentation of Critical Information vulnerability, allowing Content Spoofing. The displayed version does not show the layer...
DropBox Sign 安全漏洞
DropBox Sign DropBox HelloSign is a DropBox company that sends, receives and manages legally binding electronic signatures. A security vulnerability exists in DropBox Sign versions 2024-12-04 and earlier that stems from a misrepresentation of a user interface critical information vulnerability th...
CVE-2024-49607
Unrestricted Upload of File with Dangerous Type vulnerability in redhopit WP Dropbox Dropins wp-dropbox-dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through = 1.0...
CVE-2024-49607
Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0...
CVE-2024-49607 WordPress WP Dropbox Dropins plugin <= 1.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in redhopit WP Dropbox Dropins wp-dropbox-dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through = 1.0...
CVE-2024-49607 WordPress WP Dropbox Dropins plugin <= 1.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in redhopit WP Dropbox Dropins wp-dropbox-dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through = 1.0...
WordPress plugin WP Dropbox Dropins 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
PT-2024-33562 · Redwan Hilali · Wp Dropbox Dropins
Name of the Vulnerable Software and Affected Versions: Redwan Hilali WP Dropbox Dropins versions 1.0 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can potentially compromise web servers...
WordPress WP Dropbox Dropins plugin <= 1.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin WP Dropbox Dropins versions = 1.0...
WordPress WP Dropbox Dropins Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software WP Dropbox Dropins Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49607 Patch priority High CVSS severity High 10 Developer Claim ownership PSID bc49371a8bf9 Credits stealthcopter Required privilege...
Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks
Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromis...
Tusk: unraveling a complex infostealer campaign
Summary Kaspersky Global Emergency Response Team GERT has identified a complex campaign, consisting of multiple sub-campaigns orchestrated by Russian-speaking cybercriminals. The sub-campaigns imitate legitimate projects, slightly modifying names and branding and using multiple social media...
EastWind campaign: new CloudSorcerer attacks on government organizations in Russia
In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were used to deliver malware that...
EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files
The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind. The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut LNK file...
PT-2024-11629 · Dropbox · Dropbox
Name of the Vulnerable Software and Affected Versions: Dropbox affected versions not specified Description: The issue concerns a SQL injection vulnerability. No specific details about the vulnerability, affected devices, or real-world incidents are provided. Recommendations: At the moment, there ...
New APT Group "CloudSorcerer" Targets Russian Government Entities
A previously undocumented advanced persistent threat APT group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control C2 and data exfiltration. Cybersecurity firm Kaspersky, which discovered the activity in May 2024, said...
CVE-2023-40004
Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box...