505 matches found
Malicious Package
soket.jc is a malicious package. When installed, the package opens a backdoor to the Command and Control server that allows remote code execution...
GHSA-M2FP-C79H-RR79 Malicious Package in tensorplow
All versions of tensorplow contain malicious code as a preinstall script. When installed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secret...
GHSA-FQW7-8V6M-2F86 Malicious Package in hulp
All versions of hulp contain malicious code as a preinstall script. When installed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and...
GHSA-J3QQ-QVC8-C6G7 Malicious Package in foever
All versions of foever are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This packag...
Malicious Package in foever
All versions of foever are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This packag...
Malicious Package in soket.js
All versions of soket.js are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...
Malicious Package in soket.io
All versions of soket.io are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...
GHSA-WP2P-Q35G-3RJJ Malicious Package in soket.io
All versions of soket.io are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...
Malicious Package in regenraotr
All versions of regenraotr are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...
GHSA-5X7P-GM79-383M Malicious Package in regenraotr
All versions of regenraotr are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...
Malicious Package in regenrator
All versions of regenrator are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...
GHSA-M5P4-7WF9-6W99 Malicious Package in regenrator
All versions of regenrator are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This...
GHSA-WPFC-3W63-G4HM Malicious Package in axois
All versions of axois are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This package...
Malicious Package in axois
All versions of axois are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation This package...
npm-script-demo is malware
The npm-script-demo package is a piece of malware that opens a connection to a command and control server and executed the instructions it is given. It has been removed from the npm registry. Recommendation Any computer that has this package installed or running should be considered fully...
GHSA-322M-P39J-R5M2 npm-script-demo is malware
The npm-script-demo package is a piece of malware that opens a connection to a command and control server and executed the instructions it is given. It has been removed from the npm registry. Recommendation Any computer that has this package installed or running should be considered fully...
Mac Users Targeted by Spyware Spreading via Xcode Projects
A campaign aimed at Mac users is spreading the XCSSET suite of malware, which has the capability to hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more. Infections are propagating via...
The vulnerability of the Central Control Server (CCS) and the Video Server of Siemens’ SiNVR 3 solution, related to the unencrypted storage of user credentials, allows a intruder to gain unauthorized access to users’ credentials.
The vulnerability of the Central Control Server CCS and the Video Server of Siemens’ SiNVR 3 solution for video management involves unencrypted storage of user credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to users’...
The vulnerability of the Central Control Server (CCS) and the Video Server of Siemens’ SiNVR 3 solution, related to the lack of measures for cleaning input data, allows a intruder to inject malicious code into the web application of the Central Control Server.
The vulnerability of the Central Control Server CCS and the video server of Siemens’ SiNVR 3 solution relates to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to inject malicious code into the web application of the Central Control Server...
The vulnerability of the central control server of SiNVR 3 Central Control Server lies in security flaws in the XML-based communication protocol, allowing attackers to perform arbitrary actions on the vulnerable device.
The vulnerability of the central control server of SiNVR 3 Central Control Server is related to security vulnerabilities in the XML-based communication protocol. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device remotely...