637 matches found
CVE-2018-20819
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads...
Heap overflow
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads...
CVE-2018-20820
readujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service application runtime crash because of an integer overflow via a crafted file...
CVE-2018-20820
readujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service application runtime crash because of an integer overflow via a crafted file...
Integer overflow
readujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service application runtime crash because of an integer overflow via a crafted file...
CVE-2018-20819
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads...
CVE-2018-20820
readujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service application runtime crash because of an integer overflow via a crafted file...
CVE-2018-20820
CVE-2018-20820 affects Dropbox Lepton 1.2.1; the read_ujpg function in jpgcoder.cc is vulnerable to an integer overflow when processing a crafted JPEG, leading to an application runtime crash (DoS). The available sources confirm the vulnerable component and impact (denial of service) but do not p...
CVE-2018-20819
CVE-2018-20819 affects Dropbox Lepton 1.2.1, specifically the decompression code io/ZlibCompression.cc. The root cause is a missing check of header payloads that may be larger than the maximum file size, enabling a heap-based buffer overflow that can crash the application and may have unspecified...
CVE-2018-20819
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads...
Dropbox: Algorithmic complexity vulnerability in ZXCVBN leads to remote denial of service attack
@davidrenardy discovered that the ZXCVBN algorithm is quadratic in time complexity, which implies that the user can submit an arbitrarily long password to the library, leading to a potential denial of service attack if performed at scale. Given how ZXCVBN is used at Dropbox, we accept the Denial ...
Dropbox: URL modification changes server side behavior to allow access
@itay658 discovered that adding "?dl=1" allows files to be downloaded, even if they were blocked with error 429. The bug has been fixed and pushed out...
Workspace: Personal Cloud Connectors
This article provides the steps necessary to utilize connectors for Box, Dropbox, and other third-party storage apps in Citrix Workspace...
Dropbox: Significant Two step verification Authentication Bypass
This report described a concern with our “Trust this Computer” feature in Dropbox web sign in. The way our “Trust this Computer” feature works, at a high level, is that while authenticating using 2FA, the user can request that this device be trusted in the future so they don’t have to use 2FA...
Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers
Cybersecurity researchers have discovered a critical vulnerability in widely used SQLite database software that exposes billions of deployments to hackers. Dubbed as 'Magellan' by Tencent's Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or...
Dropbox: Disclose anonymous accessible link on embedded files in paper dropbox sessions
This report described some of the behavior of the integration between Dropbox and Dropbox Paper. In particular, when embedding a Dropbox file into Dropbox Paper, this implicitly creates a link to that file see https://www.dropbox.com/help/files-folders/view-only-access and embeds it within the...
How Just Opening A Site In Safari Could Have Hacked Your Apple macOS
Earlier this week Dropbox team unveiled details of three critical vulnerabilities in Apple macOS operating system, which altogether could allow a remote attacker to execute malicious code on a targeted Mac computer just by convincing a victim into visiting a malicious web page. The reported...
How Just Opening A Site In Safari Could Have Hacked Your Apple macOS
Earlier this week Dropbox team unveiled details of three critical vulnerabilities in Apple macOS operating system, which altogether could allow a remote attacker to execute malicious code on a targeted Mac computer just by convincing a victim into visiting a malicious web page. The reported...
Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed
The real identity of Tessa88—the notorious hacker tied to several high-profile cyber attacks including the LinkedIn, DropBox and MySpace mega breaches—has been revealed as Maksim Vladimirovich Donakov Максим Владимирович Донаков, a resident of Penza, Russian Federation. In early 2016, a hacker wi...
Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed
The real identity of Tessa88—the notorious hacker tied to several high-profile cyber attacks including the LinkedIn, DropBox and MySpace mega breaches—has been revealed as Maksim Vladimirovich Donakov Максим Владимирович Донаков, a resident of Penza, Russian Federation. In early 2016, a hacker wi...