Dropbox: [www.dropboxforum.com] - reflected XSS in search

There was a reflected XSS in the search feature for www.dropboxforum.com...

Dropbox: Stored XSS in dropboxforum.com

This report described a vulnerability where an attacker could put a specially crafted payload into the reply section of threads on dropboxforum.com to bypass the HTML filter on the site. This enabled a stored XSS attack against anyone viewing the message. This was an issue in Lithium forum...

Carbon Black Report: Tools of Choice

Quarterly Incident Response Threat Report PowerShell and WMI Remain Tools of Choice for Cyberattacks We’ve long known that PowerShell has been abused, but it is still significant that 100% of respondents say they believe the tool most often helps facilitate lateral movements, followed by WMI at...

CVE-2018-14901

The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services...

Hardcoded credentials

The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services...

CVE-2018-14901

The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services...

CVE-2018-14901

The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services...

Dropbox 54.5.90 DLL Hijacking

Document Title: =============== Dropbox 54.4.90 - Multiples DLL Injection/Code Execution Date of Discovery: ================== 2018-08-24 Exploitation Technique: ======================= Local Platfom Tested: =============== Windows 10 Technical Details & Description:...

This Week in Security News: Scams and Security Risks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the EU and Japan finalized an agreement enabling the cross-border transfer of data. Also, businesses are turning to machine learning to comb...

CVE-2018-12445

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in...

CVE-2018-12446

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the...

Authentication flaw

DISPUTED An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode...

CVE-2018-12446

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the...

CVE-2018-12446

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the...

CVE-2018-12445

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in...

CVE-2018-12445

The CVE-2018-12445 issue affects com.dropbox.android (version 98.2.2) where the FingerprintManager-based Biometric validation can bypass authentication by moving from onAuthenticationFailed to onAuthenticationSucceeded with a null result, due to improper integration between the fingerprint API an...

CVE-2018-12445

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in...

PT-2018-11178 · Dropbox · Com.Dropbox.Android

Name of the Vulnerable Software and Affected Versions: com.dropbox.android version 98.2.2 Description: An issue in the com.dropbox.android application allows authentication bypass through the FingerprintManager class for Biometric validation. This is possible because the fingerprint API, in...

PT-2018-11179 · Dropbox · Com.Dropbox.Android

Name of the Vulnerable Software and Affected Versions: com.dropbox.android version 98.2.2 Description: An issue in the Passcode feature allows authentication bypass via runtime manipulation, forcing a certain method's return value to true, enabling an attacker to authenticate with an arbitrary...

com.getdropbox.Dropbox app for iOS authentication bypass vulnerability

com.getdropbox.Dropbox app for iOS is an online collaboration app for managing documents based on the iOS platform. A security vulnerability exists in com.getdropbox.Dropbox app for iOS based platforms that stems from the program failing to use the kSecAccessControlUserPresence protection...