639 matches found
China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets
FireEye Threat Intelligence analysts identified a spear phishing campaign carried out in August 2015 targeting Hong Kong-based media organizations. A China-based cyber threat group, which FireEye tracks as an uncategorized advanced persistent threat (APT) group and other researchers refer to as...
Dropbox FinderLoadBundle OS X Local Root Exploit
#!/bin/bash Dropbox FinderLoadBundle OS X local root exploit by cenobyte 2015 - vulnerability description: The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory...
Dropbox 3.3.x - OSX FinderLoadBundle Privilege Escalation
Dropbox 3.3.x - OSX FinderLoadBundle Privilege Escalation #!/bin/bash Exploit Title: Dropbox FinderLoadBundle OS X local root exploit Google Dork: N/A Date: 29/09/15 Exploit Author: cenobyte Vendor Homepage: https://www.dropbox.com Software Link: N/A Version: Dropbox 1.5.6, 1.6-7., 2.1-11., 3.0.,...
Dropbox < 3.3.x - OSX FinderLoadBundle Privilege Escalation
#!/bin/bash Exploit Title: Dropbox FinderLoadBundle OS X local root exploit Google Dork: N/A Date: 29/09/15 Exploit Author: cenobyte Vendor Homepage: https://www.dropbox.com Software Link: N/A Version: Dropbox 1.5.6, 1.6-7., 2.1-11., 3.0., 3.1., 3.3. Tested on: OS X Yosemite 10.10.5 CVE: N/A Dropb...
When a 'Hacker News' Reader Tricked Me into visiting this Amazing Site (Don't Click at Work)
My usual bed routine is to check comments under my articles before I go to sleep. I was doing the same last night, but something weird happened to me. Someone posted a mysterious short link without any text below one of my articles on our official 'The Hacker News' Facebook Page, and with the...
Dropbox Login Detection (deprecated)
Binary data 8872.prm...
Mail.ru: Vulnerability :- "XSS vulnerability"
Hello mail.ru Security Team, I have found XSS vulnerability On your WEBSITE :- http://corp.mail.ru/en/jobs/feedback/ My Payload is this :- '" Vulnerability :- "XSS vulnerability" Vulnerable Fields : "Social Network fields" Cross-Site Scripting XSS vulnerabilities are a type of computer security...
MGASA-2015-0314 Updated owncloud package fixes security vulnerabilities
In ownCloud before 6.0.8 and 8.0.4, a bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of "Dropbox.com" to gain access to any files on the ownCloud server if an external Dropbox storage was mounted (CVE-2015-4715). In ownCloud before 6.0.8 and 8.0.4, the...
Updated owncloud package fixes security vulnerabilities
In ownCloud before 6.0.8 and 8.0.4, a bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of "Dropbox.com" to gain access to any files on the ownCloud server if an external Dropbox storage was mounted (CVE-2015-4715). In ownCloud before 6.0.8 and 8.0.4, the...
Tango DropBox ActiveX Control Heap Buffer Overflow Vulnerability
Etonica Tango DropBox is a suite of free FTP applications that offer features such as uploading files and folders, intermittent transfers and browsing remote folders. A remote heap buffer overflow vulnerability exists in the Etonica Tango DropBox ActiveX control, which allows remote attackers to...
ThisData: Xss via Dropbox
ThisData (formerly Revert) provides the ability to backup Dropbox files. File names were rendered within the app in an unescaped manner, meaning if you could get Dropbox to accept a file with a name like ".png you could XSS Revert's backup rendering screen...
Mounted Dropbox storage allows "Dropbox.com" to access any file - ownCloud
A bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of "Dropbox.com" to gain access to any files on the ownCloud server if an external Dropbox storage was mounted. This was caused by a feature of PHP which has been turned off per default as of PHP 5.6.0 in t...
Server: Mounted Dropbox storage allows "Dropbox.com" to access any file
A bug in the SDK used to connect ownCloud against the Dropbox server might allow the owner of "Dropbox.com" to gain access to any files on the ownCloud server if an external Dropbox storage was mounted. This was caused by a feature of PHP which has been turned off per default as of PHP 5.6.0 in t...
Tango DropBox 3.1.5 Active-X Heap Spray Vulnerability
Tango DropBox active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll 3.6.5.0 method of the GetWebStoreURL member. Affects versions 3.1.5 and PRO. Tango DropBox Activex Heap Spray Exploit Version:3.1.5 + PRO The vulnerability lies in the COM...
Tango DropBox 3.1.5 + PRO - Activex HeapSpray
Tango DropBox Activex Heap Spray Exploit Version:3.1.5 + PRO The vulnerability lies in the COM component used eSellerateControl350.dll 3.6.5.0 method of the ''GetWebStoreURL' member. Vendor Homepage:http://etonica.com/dropbox/index.html Software Link:http://etonica.com/dropbox/download.html Autho...
Tango DropBox 3.1.5 + PRO - Activex HeapSpray
Tango DropBox 3.1.5 + PRO - Activex HeapSpray Tango DropBox Activex Heap Spray Exploit Version:3.1.5 + PRO The vulnerability lies in the COM component used eSellerateControl350.dll 3.6.5.0 method of the ''GetWebStoreURL' member. Vendor Homepage:http://etonica.com/dropbox/index.html Software...
Tango DropBox v3.1 PRO - ActiveX Heap Spray Exploit
Document Title: =============== Tango DropBox v3.1 PRO - ActiveX Heap Spray Exploit References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1529 View Video: https://www.youtube.com/watch?v=jOCGPNzqkXg Release Date: ============= 2015-06-18 Vulnerability Laboratory ID VL-ID:...
Tango DropBox v3.1 PRO - ActiveX Heap Spray Exploit
Document Title: =============== Tango DropBox v3.1 PRO - ActiveX Heap Spray Exploit References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1529 View Video: https://www.youtube.com/watch?v=jOCGPNzqkXg Release Date: ============= 2015-06-17 Vulnerability Laboratory ID VL-ID:...
WordPress Backup to Dropbox plugin cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL. WordPress Backup to Dropbox is a plugin for backing up data to Dropbox. A cross-site scripting vulnerability exists in the WordPress Backup to Dropbox...