DropBox version 1.4.6 on iOS, 2.0.1 on Android, and Google Drive version 1.0.1 on iOS suffer from a file theft vulnerability due to allowing arbitrary javascript to be executed inside of the privileged file zone.
1100900c25b938d98c9dde4e251799a63bd5241f918b5ca23fa9c84977c34291
Dropbox Desktop Client version 9.4.49 (64bit) suffers from a local credential disclosure vulnerability.
0bd3a8c8f0e7d623ca6c0a93b89eafc1a6b96bf0bf1d166ca1011aeb8a251df2
Dropbox version 6.4.14 has an installer that suffers from a dll hijacking vulnerability.
bfc55686208a6af0facb4041226b4d6d0ad4997fe3955ce1a49bfd0385b724bb
The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory. The directory in which FinderLoadBundle is located is owned by root and that prevents placing arbitrary files there. But creating a hard link from FinderLoadBundle to somewhere in a directory in /tmp circumvents that protection thus making it possible to load a shared library containing a payload which creates a root shell.
2fe41a90799fee4a1fce5da2d6dcba950035afb15b2c3fe6f1dcec5f37e1a3a0
Tango DropBox active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll (3.6.5.0) method of the GetWebStoreURL member. Affects versions 3.1.5 and PRO.
3c8dfe4be4054d363a2c7bf83cffe6bedd810b2e267d01f52bc1df31959e5112
A vulnerability in the Dropbox SDK for Android may enable theft of sensitive information from apps that use the vulnerable Dropbox SDK both locally by malware and also remotely by using drive-by exploitation techniques.
a7cb57797a2240ddf7249a1c2eaae396a47c7ed63e6fdc3c40f4ef850798d906
WordPress Simple Dropbox Upload plugin version 1.8.8 suffers from a remote shell upload vulnerability. Note that this advisory has site-specific information.
6334b152cfb68d40bcd930b489d0883ba0feb8d71bafd8b4126a6c3ae3d6d86e
Secunia Security Advisory - A security issue has been reported in Dropbox for Android, which can be exploited by malicious people to bypass certain security restrictions.
4ae44cc9689d556977db4cfd23b6657cd93d64f8ea1b4f6566f34b56627027b0
A bug in Blackboard Learning System release 6 allows users to steal documents out of the digital dropbox of other users. Remote perl exploit included.
25e6d7fa0bcf5322d784aae69a7d723c7a2a77c7d734ecd26ddce28269d237a8