637 matches found
Leaving Authentication Credentials in Public Code
Interesting article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code: Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000...
New Campaign Targets Middle East Governments with IronWind Malware
Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402,...
Dropbox Folder Share <= 1.9.7 - Unauthenticated Remote Code Execution via LFI
Description The plugin does not validate the path and name of a file before including it, allowing unauthenticated visitors to include and execute arbitrary php files on the server, leading to remote code execution...
CVE-2023-4488
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi...
CVE-2023-4488
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi...
Design/Logic Flaw
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi...
CVE-2023-4488 Dropbox Folder Share <= 1.9.7 - Unauthenticated Local File Inclusion
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi...
CVE-2023-4488
CVE-2023-4488 refers to the Dropbox Folder Share for WordPress. Connected sources confirm an unauthenticated Local File Inclusion (LFI) via editor-view.php affecting versions up to and including 1.9.7, enabling attackers to include/execute arbitrary PHP files on the server. Impact statements indi...
CVE-2023-4488 Dropbox Folder Share <= 1.9.7 - Unauthenticated Local File Inclusion
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi...
WordPress Plugin Dropbox Folder Share Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-29313 · WordPress · Dropbox Folder Share
Name of the Vulnerable Software and Affected Versions: Dropbox Folder Share for WordPress versions up to, and including, 1.9.7 Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the editor-view.php file. This enables the execution of a...
Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration
The advanced persistent threat APT actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities. The findings come from Kaspersky, which first shed light on the adversary...
New BEC 3.0 Attack Exploiting Dropbox for Phishing
By Deeba Ahmed This is an active campaign, with 5,440 attacks detected in the first two weeks of September. This is a post from HackRead.com Read the original post: New BEC 3.0 Attack Exploiting Dropbox for Phishing...
Dropbox Folder Share <= 1.9.7 - Unauthenticated Server-Side Request Forgery via 'link'
Description The Dropbox Folder Share plugin plugin was affected by an Unauthenticated Server-Side Request Forgery SSRF security vulnerability...
WordPress Dropbox Folder Share Plugin <= 1.9.7 is vulnerable to Server Side Request Forgery (SSRF)
Software Dropbox Folder Share Type Plugin Vulnerable versions = 1.9.7 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Server Side Request Forgery SSRF CVE CVE-2023-3025 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID d1ee4d4ea4d2 Credits Alex...
CVE-2023-3025
The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
CVE-2023-3025
The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
Server side request forgery (ssrf)
The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
CVE-2023-3025 Dropbox Folder Share <= 1.9.7 - Unauthenticated Server-Side Request Forgery via 'link'
The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
CVE-2023-3025 Dropbox Folder Share <= 1.9.7 - Unauthenticated Server-Side Request Forgery via 'link'
The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...