CVE-2015-4715
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POS...
CVE-2015-4715
The CVE-2015-4715 entry affects ownCloud Server (Dropbox storage integration) via the Dropbox-PHP OAuth/Curl.php fetch function when an external Dropbox storage is mounted. Affected versions: ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4. The vulnerability allows remote adm...
How to Share Files Securely Online: Dropbox, Firefox Send, and More
There's no shortage of options for sharing documents and more with friends, family, and colleagues. These are your best bets...
Dropbox Passes $1M Milestone for Bug-Bounty Payouts
Dropbox, the cloud-based file-sharing service, has reported that it has paid out more than $1 million to bug-bounty hunters since starting its program in 2014. The milestone comes after the service tripled its bounties in 2017, and after running two live hacking events with the HackerOne platform...
Dropbox: Coupon codes indexed by Google
A security researcher was able to use Google dorking to find exposed information about coupon codes that allowed escalating pricing plans...
Dropbox: Local Privilege Escalation on Dropbox Desktop for Windows
This report describes a local privilege escalation in the Dropbox automatic updater process on Windows. It would allow a malicious actor who had already gained non-admin access to a Windows computer to obtain admin privileges, if Dropbox had previously been installed with admin privileges. This...
KLA12065 PE vulnerability in Dropbox
A privilege escalation vulnerability was found in Dropbox. Malicious users can exploit this vulnerability to gain privileges. Original advisories: Dropbox updater privilege escalation. Related products: Dropbox CVE list. Solution: Update to the latest version (Download Dropbox). Affected Products: -...
Dropbox: Leaking API_KEY of testrail of HelloSign gives read/write access
The APIKEY and testrail config details were leaked on Github, which attackers could use to access testrail accounts of HelloSign and perform read/write actions. Impact: Access to testrail account of HelloSign...
Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways
Criminals behind malware dubbed Raccoon Stealer have adopted a simple and effective technique to circumvent Microsoft and Symantec anti-spam messaging gateways. The technique has been used in a recent campaign targeting financial institutions via business email compromise (BEC) attacks. According t...
Uncompyle6 - A Cross-Version Python Bytecode Decompiler
A native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2. Introduction uncompyle6 translates Python bytecode back into equivalent Python source code. It accepts bytecodes from Python version 1.3 to version 3.8, spanning over 24 years ...
Dropbox: Broken OAuth leads to change photo profile users.
This report describes how an API to update a user account photo did not fully authenticate the provided authentication token. This would allow an attacker who gained access to a partial user authentication token through other means to set the user's photo to a malicious image. No feasible method...
Dropbox: Fedora installation instructions fetch repo and validation key from insecure source, allowing mitm attack
The reporter noted that our installation instructions for our Linux Desktop Client for Fedora specified HTTP urls instead of HTTPS. This could allow an attacker, with a privileged network position, the ability to swap the GPG key during installation allowing them to install a rogue signing key on...
Dropbox desktop application information disclosure vulnerability
Dropbox desktop application is an open source, cross-platform file online storage, synchronization, and sharing application from Dropbox, Inc. A security vulnerability exists in the Dropbox desktop application version 71.4.108.0, which originates from the Dropbox.exe file and the...
CVE-2019-12171
Dropbox.exe and QtWebEngineProcess.exe in the Web Helper in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process...
Design/Logic Flaw
Dropbox.exe and QtWebEngineProcess.exe in the Web Helper in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process...
CVE-2019-12171
Summary: CVE-2019-12171 affects the Dropbox desktop application (version 71.4.108.0) where Dropbox.exe and QtWebEngineProcess.exe store credentials in cleartext in memory after login or account creation, and these credentials are not securely freed in the running process. This is corroborated by...
CVE-2018-20819
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads...