CVE-2024-39899 PrivateBin allows shortening of URLs for other domains
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLS URL shortener without running the YOURLS instance without authentication and/or exposing the authentication toke...
dpaste Cross-Site Scripting Vulnerability
dpaste is a pastebin application written using the Django framework. A reflected cross-site scripting (XSS) vulnerability exists in versions prior to dpaste v3.8 and can be exploited by an attacker to execute arbitrary...
LimeRAT Malware Analysis: Extracting the Config
Remote Access Trojans (RATs) have taken the third leading position in ANY.RUN's Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it...
Malicious Package
Overview: Coinbase.Core is a malicious package. This package adopts typosquatting techniques and attempts to trick users into downloading it. It contains a PowerShell script that will execute upon installation and trigger a download of a 2nd stage payload, which can be remotely executed. Indicator...
Malicious Package
Overview: make-box is a malicious package. It distributes Discord malware hosted on Pastebin that can steal important host information and credentials. Remediation: Avoid using all malicious instances of the make-box package. Credit: Snyk Research Team...
CVE-2022-43363
Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS finding...
Cross site scripting
PrivateBin is a minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting (XSS) vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...
CVE-2022-24833
CVE-2022-24833 is a Persistent XSS in PrivateBin caused by SVG attachments with JavaScript before v1.4.0. The issue originates from how image previews were rendered for attachments (introduced around v0.21) and could execute code when a user opened a crafted SVG, bypassed or mishandled CSP. Affec...
CVE-2022-24833 Persistent Cross-site Scripting (XSS) vulnerability in PrivateBin
PrivateBin is a minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting (XSS) vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...
PasteMonitor - Scrape Pastebin API To Collect Daily Pastes, Setup A Wordlist And Be Alerted By Email When You Have A Match
Scrape the Pastebin API to collect daily pastes, set up a wordlist and be alerted by email when you have a match. Description: The PasteMonitor tool allows you to perform two main actions for educational purposes only: Download daily new public pastes. Average number of pastes per day: 1000-3000 filetyp...
Numando: A New Banking Trojan Targeting Latin American Users
A newly spotted banking trojan has been caught leveraging legitimate platforms like YouTube and Pastebin to store its encrypted, remote configuration and commandeer infected Windows systems, making it the latest to join the long list of malware targeting Latin America (LATAM) after Guildma, Javali,...
Joomla Matukio Events 7.0.5 Cross Site Scripting
Exploit Title:Joomla Matukio Events 7.0.5 Stored XSS Date:08.03.2021 Author: Vincent666 ibn Winnie Software Link: https://matukio.compojoom.com/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel : https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ Google Dorks:...
Joomla Matukio Events 7.0.5 Cross Site Scripting Vulnerability
Exploit Title:Joomla Matukio Events 7.0.5 Stored XSS Author: Vincent666 ibn Winnie Software Link: https://matukio.compojoom.com/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel : https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ Google Dorks: inurl:option=commatukio...
Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques
Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by the Agent Tesla remote access trojan (RAT) to get around defense barriers and monitor its victims. Typically spread through social engineering lures, the Windows spyware not only now targets Microsoft's Antimalware...
Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users
Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems. Called ElectroRAT by Intezer, the RAT is written from...
MOSINT - OSINT Tool For Emails
MOSINT is an OSINT tool for emails. It helps you gather information about the target email. Features: Verification Service (check if email exists); check social accounts with Socialscan; check data breaches (needs API); find related emails; find related phone numbers; find related domains; scan Pastebin...
Oblivion - Data Leak Checker And OSINT Tool
Oblivion is a tool focused on real-time monitoring of new data leaks, notifying the user if their credentials have been leaked. It is also possible to verify whether any of the user's credentials have been leaked before. Oblivion has two modes: Oblivion Client: graphical mode. Oblivion Server: mode with A...
Gitpaste-12 Worm Widens Set of Exploits in New Attacks
The Gitpaste-12 worm has returned in new attacks targeting web applications, IP cameras and routers, this time with an expanded set of exploits for initially compromising devices. First discovered in a round of late-October attacks that targeted Linux-based servers and internet-of-things (IoT)...
Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices
A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a...