ZDI-24-677: (0Day) Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability | allinfosecnews.com

June 13, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5924.

0day attackers bypass bypass vulnerability cves cvss desktop dropbox exploit file folder malicious mark mechanism page protection rating sharing target vulnerability web web protection zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-882: VMware vCenter Server Appliance License Server Uncontrolled Memory Allocation Denial-of-Service Vulnerability 1 day, 9 hours ago | www.zerodayinitiative.com

attackers authentication cve cve-2024 +16

ZDI-24-840: (Pwn2Own) Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication buffer +25

ZDI-24-839: (Pwn2Own) Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication cam +21

ZDI-24-838: (Pwn2Own) Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication cam +23

ZDI-24-837: (Pwn2Own) Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication buffer +24

ZDI-24-836: (Pwn2Own) Synology BC500 update_ntp_config Command Injection Remote Code Execution Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication cameras +16

ZDI-24-835: (Pwn2Own) Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

attackers authentication cameras cvss +11

ZDI-24-834: (Pwn2Own) Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

attacker attackers cameras code +18

ZDI-24-833: (Pwn2Own) Synology BC500 synocam_param.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability 5 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication buffer +17

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California

View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

View on infosec-jobs.com

Vice President, Controls Design & Development-7

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Vice President, Controls Design & Development-5

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Data Scientist & AI Prompt Engineer

@ Varonis | Israel

View on infosec-jobs.com

Contractor

@ Birlasoft | INDIA - MUMBAI - BIRLASOFT OFFICE, IN

View on infosec-jobs.com