CVE-2023-3025 Dropbox Folder Share <= 1.9.7 - Unauthenticated Server-Side Request Forgery via 'link'
The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
WordPress Plugin Dropbox Folder Share Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. A WordPress plugin is an application...
WordPress Dropbox Folder Share Plugin <= 1.9.7 is vulnerable to Local File Inclusion
Software: Dropbox Folder Share; Type: Plugin; Vulnerable versions: <= 1.9.7; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-4488; Patch priority: Low; CVSS severity: Low 9.8; Developer: Claim ownership; PSID: 097b8d11ce41; Credits: Marco Wotschka; Required privilege...
WordPress All-in-One WP Migration Dropbox Extension Plugin <= 3.75 is vulnerable to Broken Access Control
Software: All-in-One WP Migration Dropbox Extension; Type: Plugin; Vulnerable versions: <= 3.75; Fixed in: 3.76; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-40004; Patch priority: High; CVSS severity: High 7.3; Developer: Claim ownership; PSID: 517b1424056f; Credits: Raf...
Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks
Nikita Kislitsin, formerly the head of network security for one of Russia's top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin's prosecution could soon put the Kazakhstan government in a...
File Chooser Field - Moderately critical - Server Side Request Forgery, Information Disclosure - SA-CONTRIB-2023-015
The File Chooser Field module allows users to upload files using third-party services such as Google Drive and Dropbox. This module fails to validate user input sufficiently, which could under certain circumstances lead to a Server Side Request Forgery (SSRF) vulnerability leading to Information Disclosure. I...
Are Source Code Leaks the New Threat Software Vendors Should Care About?
Less than a month ago, Twitter indirectly acknowledged that some of its source code had been leaked on the code-sharing platform GitHub by sending a copyright infringement notice to take down the incriminated repository. The latter is now inaccessible, but according to the media, it was accessibl...
Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies
A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte,...
New 'Bad Magic' Cyber Threat Disrupts Ukraine's Key Sectors Amid War
Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have been attacked as part of an active campaign that drops a previously unseen, modular framework dubbed CommonMagic. "Although the initial vector of...
PT-2023-11834 · WordPress · Jetbackup
Name of the Vulnerable Software and Affected Versions: JetBackup – WP Backup, Migrate & Restore plugin for WordPress, versions up to and including 1.4.1. Description: The issue allows authenticated attackers with minimal permissions to change the location of backups, potentially leading to the...
Exploit for Deserialization of Untrusted Data in Fortra Goanywhere_Managed_File_Transfer
CVE-2023-0669. This repo contains the packages and scr...
New Threat Actor WIP26 Targeting Telecom Service Providers in the Middle East
Telecommunication service providers in the Middle East are being targeted by a previously undocumented threat actor as part of a suspected intelligence gathering mission. Cybersecurity firms SentinelOne and QGroup are tracking the activity cluster under the former's work-in-progress moniker WIP26...
SUSE CVE-2016-6234
The processfile function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file...
SUSE CVE-2016-6238
The writeujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG file...
SUSE CVE-2016-6237
The buildhuffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted JPEG file...
SUSE CVE-2016-6236
The setupimginfojpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG file...
GemFetch (>=0.1.3 <=0.1.6), MFEKmath (>=0.1.0 <=0.1.1) +2934 more potentially affected by unknown CVE via safemem (>=0.1.1 <=0.3.3)
safemem CARGO version =0.1.1, =0.1.3, =0.1.0, =0.1.0, =0.1.0, =0.8.16, =0.2.0, =0.1.1, =0.1.0, =0.0.6, =0.0.7-alpha.3, =0.0.7-alpha.1, =0.1.0, =0.9.2, =0.9.3 - acme2-slim =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0081...
MAL-2023-4 Malicious code in eslint-plugin-dropbox-sign (npm)
Source: ghsa-malware ef0b78a956b34b6e0c3db65f1f623e28b0e80753ffae8ea19c75e4217f1dc0b8. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...