Dropbox


31 total issues disclosed

$17,203 total paid publicly


Most disclosed (6 disclosures) — None supplied




Disclosed Reports


Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on
--- | --- | --- | --- | ---
Server Side Request Forgery (SSRF) at app.hellosign.com leads to AWS private keys disclosure | Server-Side Request Forgery (SSRF) | sayaanalam | High | 2020-11-10
Broken OAuth leads to change photo profile users. | Improper Authentication - Generic | u0pattern | No rating | 2020-10-21
Local Privilege Escalation on Dropbox Desktop for Windows | Privilege Escalation | tesitura | Medium | 2020-09-03
Dropbox Paper - Markdown XSS | Cross-site Scripting (XSS) - Stored | paulos_ | No rating | 2018-10-29
Stored XSS in dropboxforum.com | Cross-site Scripting (XSS) - Stored | dumeelvavvalu | No rating | 2018-10-19
Dropbox employee benefits documents are available in a test Dropbox folder | None supplied | phwd | No rating | 2018-09-17
Exposed Git Repo at http://fileserver.dropboxbusiness.com | Information Disclosure | todayisnew | Low | 2018-09-14
Bypass Local Authentication (TouchID) | Improper Authentication - Generic | zeq3ul | None | 2018-06-13
User Impersonation - Create Support Ticket With Any Registered Account Email | None supplied | oaidjoaisdjoaisjdioasfsdhfuios | High | 2018-05-01
Android - Access of some not exported content providers | Privilege Escalation | bagipro | Low | 2017-11-30
Missing URL sanitization in comments can be leveraged for phishing | Phishing | leovin | Medium | 2017-08-04
SSL Key Certificate expires | Improper Access Control - Generic | honccbb | None | 2017-05-04
CSV Injection with the CVS export feature | None supplied | sunil995 | High | 2017-04-13
Subtile Code Injection Vulnerability in Dropbox for Windows | Command Injection - Generic | fbogner | No rating | 2016-12-03
[monitor.sjc.dropbox.com] CRLF Injection | None supplied | bobrov | No rating | 2016-11-02
XSS in OAuth Redirect Url | Cross-site Scripting (XSS) - Generic | hussein98d | No rating | 2016-10-06
SSRF allows access to internal services like Ganglia | Information Disclosure | agarri_fr | No rating | 2016-08-30
XSS, Unvalidated redirects & phishing website hosting on dropbox servers | None supplied | coder13 | No rating | 2016-08-30
Can make any number of dropbox accounts with one email | Violation of Secure Design Principles | maxon_omar_saleh | No rating | 2016-08-30
Lack of account link warning enables dropbox hijacking | Violation of Secure Design Principles | albinowax | No rating | 2016-06-27
Dropbox apps Server side request forgery | Improper Authentication - Generic | ehsahil | No rating | 2016-05-09
No Rate Limiting while sending the feedback under Dropbox Help Centre | Denial of Service | nileshsapariya | No rating | 2016-04-13
Possible SQL injection can cause denial of service attack | SQL Injection | super_hack | No rating | 2016-04-10
XSS in dropbox main domain | Cross-site Scripting (XSS) - Generic | missoum1307 | No rating | 2015-06-09
Race condition when redeeming coupon codes | None supplied | franjkovic | No rating | 2015-05-11
SSRF vulnerablity in app webhooks | Information Disclosure | haquaman | No rating | 2015-04-24
XSS in version history of an HTML file in a shared folder | Cross-site Scripting (XSS) - Generic | haquaman | No rating | 2015-04-17
Create N Accounts In Dropbox Irrespective Of Domain | Memory Corruption - Generic | rohill-eis | No rating | 2015-04-04
Unvalidated Redirects and Stored XSS | Cross-site Scripting (XSS) - Generic | aarmageddon | No rating | 2015-03-05
WP User Enumeration is possible at https://blog.dropbox.com | Violation of Secure Design Principles | panchocosil | No rating | 2015-02-12