Server Side Request Forgery (SSRF) at app.hellosign.com leads to AWS private keys disclosure | Server-Side Request Forgery (SSRF) | sayaanalam | High | 2020-11-10 |
Broken OAuth leads to change photo profile users . | Improper Authentication - Generic | u0pattern | No rating | 2020-10-21 |
Local Privilege Escalation on Dropbox Desktop for Windows | Privilege Escalation | tesitura | Medium | 2020-09-03 |
Dropbox Paper - Markdown XSS | Cross-site Scripting (XSS) - Stored | paulos_ | No rating | 2018-10-29 |
Stored XSS in dropboxforum.com | Cross-site Scripting (XSS) - Stored | dumeelvavvalu | No rating | 2018-10-19 |
Dropbox employee benefits documents are available in a test Dropbox folder | None supplied | phwd | No rating | 2018-09-17 |
Exposed Git Repo at http://fileserver.dropboxbusiness.com | Information Disclosure | todayisnew | Low | 2018-09-14 |
Bypass Local Authentication (TouchID) | Improper Authentication - Generic | zeq3ul | None | 2018-06-13 |
User Impersonation - Create Support Ticket With Any Registered Account Email | None supplied | oaidjoaisdjoaisjdioasfsdhfuios | High | 2018-05-01 |
Android - Access of some not exported content providers | Privilege Escalation | bagipro | Low | 2017-11-30 |
Missing URL sanitization in comments can be leveraged for phishing | Phishing | leovin | Medium | 2017-08-04 |
SSL Key Certificate expires | Improper Access Control - Generic | honccbb | None | 2017-05-04 |
CSV Injection with the CVS export feature | None supplied | sunil995 | High | 2017-04-13 |
Subtile Code Injection Vulnerability in Dropbox for Windows | Command Injection - Generic | fbogner | No rating | 2016-12-03 |
[monitor.sjc.dropbox.com] CRLF Injection | None supplied | bobrov | No rating | 2016-11-02 |
XSS in OAuth Redirect Url | Cross-site Scripting (XSS) - Generic | hussein98d | No rating | 2016-10-06 |
SSRF allows access to internal services like Ganglia | Information Disclosure | agarri_fr | No rating | 2016-08-30 |
XSS, Unvalidated redirects & phishing website hosting on dropbox servers | None supplied | coder13 | No rating | 2016-08-30 |
Can make any number of dropbox accounts with one email | Violation of Secure Design Principles | maxon_omar_saleh | No rating | 2016-08-30 |
Lack of account link warning enables dropbox hijacking | Violation of Secure Design Principles | albinowax | No rating | 2016-06-27 |
Dropbox apps Server side request forgery | Improper Authentication - Generic | ehsahil | No rating | 2016-05-09 |
No Rate Limiting while sending the feedback under Dropbox Help Centre | Denial of Service | nileshsapariya | No rating | 2016-04-13 |
Possible SQL injection can cause denial of service attack | SQL Injection | super_hack | No rating | 2016-04-10 |
XSS in dropbox main domain | Cross-site Scripting (XSS) - Generic | missoum1307 | No rating | 2015-06-09 |
Race condition when redeeming coupon codes | None supplied | franjkovic | No rating | 2015-05-11 |
SSRF vulnerablity in app webhooks | Information Disclosure | haquaman | No rating | 2015-04-24 |
XSS in version history of an HTML file in a shared folder | Cross-site Scripting (XSS) - Generic | haquaman | No rating | 2015-04-17 |
Create N Accounts In Dropbox Irrespective Of Domain | Memory Corruption - Generic | rohill-eis | No rating | 2015-04-04 |
Unvalidated Redirects and Stored XSS | Cross-site Scripting (XSS) - Generic | aarmageddon | No rating | 2015-03-05 |
WP User Enumeration is possible at https://blog.dropbox.com | Violation of Secure Design Principles | panchocosil | No rating | 2015-02-12 |