Dropbox: SSRF vulnerablity in app webhooks
Server Side Request Forgery (SSRF) is a vulnerability which allows an attacker to make web requests from the context of the server host machine to arbitrary URLs. This vulnerability can allow the attacker to access resources internal to the network, which would otherwise be inaccessible. This...
Dropbox: XSS in version history of an HTML file in a shared folder
Note, the shared folder part of this bug isn't necessary for this exploit, but shows a proof of concept on how you can exploit other users. This bug is a cross site scripting vulnerability (XSS), which allows arbitrary scripts (commonly JavaScript) supplied by an attacker to be run within the context ...
Dropbox Launches Bounty Program on HackerOne
Dropbox has become the latest high-profile Internet firm to start a bug bounty program, hooking up with HackerOne to provide rewards to security researchers who report vulnerabilities through the program. The new reward system from Dropbox covers a variety of the company’s offerings, including th...
Dropbox Acquisitions: XSS in https://hackpad.com/
Hi, I found an XSS in your website in the following links. It is not very different from the last time which I reported. Rather, it is on the same page...
Dropbox SDK for Android Security Bypass Vulnerability
Dropbox is an innovative online file storage, synchronization, and sharing service that offers free client software, is open source and cross-platform, and runs on Windows, Mac OS X, and Linux operating systems. A security bypass vulnerability exists in Dropbox SDK for Android. An attacker can...
Dropbox SDK for Android account spoofing
It's possible to spoof an account via OAuth...
Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)
Hi, We have recently discovered a vulnerability in the Dropbox SDK for Android. This vulnerability may enable theft of sensitive information from apps that use the vulnerable Dropbox SDK, both locally by malware and remotely by using drive-by exploitation techniques. The vulnerability is...
Dropbox Acquisitions: Unknown file upload in profile photo
Hi, a user can upload files of any format at https://hackpad.com/ep/profile/. Click on "change profile photo"; a pop-up box opens, and here you can upload PHP, XML, HTML, whatever you want. I think it's not good; hope you fix this soon. Thank you...
Dropbox SDK remote exploit receives emergency fix - bug warning - Black Bar Safety Net
The Dropbox developers recently fixed a remote exploitation vulnerability in the Android version of the Dropbox SDK for the storage application; an attacker exploiting the vulnerability could connect an app to a Dropbox account directly, without user consent. As long as the user installed...
Dropbox Patches Remotely Exploitable Vulnerability in SDK
Developers at Dropbox recently fixed a remotely exploitable vulnerability in the Android SDK version of the storage app that enabled attackers to connect applications to a Dropbox account without the user’s consent. This could have opened users up to the theft of information from any app that use...
Dropbox: Create N Accounts In Dropbox Irrespective Of Domain
I've found a flaw: your email is not verified when you sign up for a new account, so irrespective of domain name we can create multiple accounts. So we can use fake emails to get as many Dropbox accounts as we like. PFA video and get back to me if there is anything else...
Dropbox: Unvalidated Redirects and Stored XSS
Hi, This bug might interest you. In the process of testing, I uploaded a file which contained the scripts: `window.opener.location.replace('http://blackhorse.x10host.com/test.php'); alert(document.domain); alert(document.cookie)`. On opening of the uploaded file through the events section, the XSS pop-ups...
Dropbox: WP User Enumeration is possible at https://blog.dropbox.com
Hello security team. I'd like to report this bug I found. Here are some user IDs proving user enumeration is possible. User ID 2 : drew User ID 4 : jon User ID 6 : arash User ID 9 : dan User ID 10 : arash-ferdowsi User ID 11 : dropbox-team User ID 13 : ivan It is recommended to rename the admin...
WordPress Backup to Dropbox 4.0 - Reflected XSS
The wordpress-backup-to-dropbox WordPress plugin was affected by a Reflected XSS security vulnerability...
Dropbox: [monitor.sjc.dropbox.com] CRLF Injection
PoC for any browser other than Firefox: https://monitor.sjc.dropbox.com/crlf%0dSet-Cookie:test=test;domain=.dropbox.com HTTP Response: HTTP/1.1 301 Moved Permanently\r\n Date: Sat, 13 Dec 2014 10:05:12 GMT\r\n Server: Apache\r\n Location: https://monitor.dropbox.com//crlf\r injection...
Dropbox Denies Hack, Says 'Your Stuff is Safe'
Dropbox officials on Monday said that a large cache of usernames and passwords posted online and alleged to have come from the company’s users is not related to Dropbox customer accounts. A spate of media reports yesterday said that attackers had stolen several million sets of credentials fr...
Nearly 7 Million Dropbox Account Passwords Allegedly Hacked
Internet users have faced a number of major privacy breaches in the last two months. Chief among them are The Fappening, The Snappening and now the latest privacy breach in Dropbox security, which has gained everybody’s attention across the world. Dropbox, the popular online locker service, appears to have...
New Initiative Simply Secure Aims to Make Security Tools Easier to Use
The dramatic revelations of large-scale government surveillance and deep penetration of the Internet by intelligence services and other adversaries have increased the interest of the general public in tools such as encryption software, anonymity services and others that previously were mainly of...
DROPBOX Cloud Service Detection
Binary data 8444.prm...
Dropbox Reports 80 Percent of Subpoenas Contain Gag Request
Most U.S. government subpoenas for data on Dropbox users are accompanied by a request not to inform the user in question. Dropbox legal counsel Bart Volkmer said those gag orders are repelled unless there is a valid court order. The revelation accompanied the release of the cloud storage...