Vulmon
dropbox vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-4488
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated malicious users to include and execute arbitrary files on the server, allowing the execution of any PHP c...
Hynotech Dropbox Folder Share
7.2
CVSSv3
CVE-2023-3025
The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated malicious users to make web requests to arbitrary locations originating from the w...
Hynotech Dropbox Folder Share
9.8
CVSSv3
CVE-2022-4768
A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_public_key of the file grouper/public_key.py of the component SSH Public Key Handler. The manipulation of the argument public_key_str leads to injection. It is possible to...
Dropbox Merou
7.8
CVSSv3
CVE-2022-26181
Dropbox Lepton v1.2.1-185-g2a08b77 contains a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108.
Dropbox Lepton 1.2.1
6.1
CVSSv3
CVE-2020-12759
Zulip Server prior to 2.1.5 allows reflected XSS via the Dropbox webhook.
Zulip Zulip Server
4.9
CVSSv3
CVE-2015-4715
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server prior to 6.0.8, 7.x prior to 7.0.6, and 8.x prior to 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) cha...
Owncloud Owncloud
6.1
CVSSv3
CVE-2012-4029
Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS prior to 1.8.8.6 allows remote malicious users to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.
Chamilo Chamilo
7.8
CVSSv3
CVE-2019-12171
Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.
Dropbox Dropbox 71.4.108.0
7.8
CVSSv3
CVE-2018-20819
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows malicious users to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing ...
Dropbox Lepton 1.2.1
5.5
CVSSv3
CVE-2018-20820
read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows malicious users to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file.
Dropbox Lepton 1.2.1