CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-49607 – WordPress WP Dropbox Dropins plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49607
17 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0. The WP Dropbox Dropins plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/RandomRobbieBF/CVE-2024-49607 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5924 – Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-5924
13 Jun 2024 — Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shared folders. When syncing files from a shared folder belonging to an untrusted account, the Dropbox desktop application ... • https://www.zerodayinitiative.com/advisories/ZDI-24-677 • CWE-693: Protection Mechanism Failure •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40004 – Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins
https://notcve.org/view.php?id=CVE-2023-40004
30 Aug 2023 — Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box Extension: from n/a through 1.53; All-in-One WP Migration OneDrive Extension: from n/a through 1.66; All-in-One WP Migration Dropbox Extension: from n/a through 3.75; All-in-One WP Migration Google Drive Extension: fr... • https://patchstack.com/articles/pre-auth-access-token-manipulation-in-all-in-one-wp-migration-extensions?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-12171
https://notcve.org/view.php?id=CVE-2019-12171
08 Jul 2019 — Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process. El archivo Dropbox.exe (y el archivo QtWebEngineProcess.exe en el Asistente Web) en la aplicación de escritorio de Dropbox versión 71.4.108.0, almacenan credenciales de texto sin cifrar en la memoria al iniciar sesión correctamente o crear una nueva cuenta. Estos no so... • https://drive.google.com/open?id=1DCGurwRTu0HsUpTglVR0jgItZNqqDm_5 • CWE-312: Cleartext Storage of Sensitive Information CWE-522: Insufficiently Protected Credentials •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12446
https://notcve.org/view.php?id=CVE-2018-12446
20 Jun 2018 — An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred ** EN DISPUTA ** Se ha descubierto un problema en la vers... • https://gist.github.com/tanprathan/97b4c04ec6af4da62929e73214fddd1b • CWE-287: Improper Authentication •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12445
https://notcve.org/view.php?id=CVE-2018-12445
20 Jun 2018 — An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within ... • https://gist.github.com/tanprathan/0b63b1868307c732190c2ad3bd1791c7 • CWE-287: Improper Authentication •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12271
https://notcve.org/view.php?id=CVE-2018-12271
13 Jun 2018 — An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on w... • https://gist.github.com/tanprathan/6e8ed195a2e05b7f9d9a342dbdacb349 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2014-8889 – Dropbox SDK for Android Remote Exploitation
https://notcve.org/view.php?id=CVE-2014-8889
11 Mar 2015 — Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack. Dropbox SDK para Android en versiones anteriores a la 1.6.2 podría permitir que atacantes remotos obtengan información sensible mediante malware manipulado o un ataque Drive-by Download. • https://packetstorm.news/files/id/130767 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9310 – WordPress Backup to Dropbox < 4.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-9310
22 Dec 2014 — Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress. Vulnerabilidad de tipo Cross-site scripting (XSS) en el plugin WordPress Backup to Dropbox, en versiones anteriores a la 4.1. • http://www.securityfocus.com/bid/75082 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3354
https://notcve.org/view.php?id=CVE-2010-3354
20 Oct 2010 — dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. dropboxd en Dropbox v0.7.110 coloca un nombre de directorio con tamaño "zero" en LD_LIBRARY_PATH, lo que permite a usuarios locales obtener privilegios a través de un troyano compartido en la librería del actual directorio de trabajo. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598287 •