4 matches found
GHSA-WXRM-2H86-V95F Malicious Package in pizza-pasta
Version 1.0.3 of pizza-pasta contains malicious code as an install script. The package created folders on the system's Desktop and downloaded an image from imgur.com. The package also printed the user's SSH keys to the console. Recommendation: Remove the package from your environment. There are no...
Imgur: De-anonymization Attack: Cross Site Information Leakage
Dear Imgur Security Team, We are researchers at the IMDEA Software Institute in Madrid, Spain. We have been working on analyzing Cross-Site Browser Leaks xsleaks and building a tool for finding instances of it on target web sites. Recently we tested imgur.com and discovered a flaw that can affect...
Imgur: Reflected Flash XSS using swfupload.swf with an epileptic reloading to bypass the button-event
Hi, This was a fun one. So I noticed you're using swfupload.swf which is hosted on the main domain, imgur.com. This swfupload.swf has some settings you can use to modify the button on the upload. You can actually insert HTML into the Flash, but the button event that you select yourself using anoth...
imgur.com XSS vulnerability
Vulnerable URL: http://imgur.com/r/a%3Cimg%20src=x%20onerror=alert%28%27XSSPOSED%27%29

Details:

Description| Value
---|---
Patched:| Yes, at 29.06.2015
Latest check for patch:| 29.06.2015 20:10 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 45
Google Pagerank| ...