1340 matches found

Hacker One
added 2019/11/06 8:13 a.m. | 46 views

Node.js third-party modules: Filesystem Writes via `yarn install` via symlinks and tar transforms inside a crafted malicious package

I would like to report an arbitrary filesystem write vulnerability in Yarn when installing a malicious package from the default repositories. This vulnerability has the potential for RCE -- even if --ignore-scripts is disabled. It allows a malicious package, upon install, to write to any path on...

5.1 CVSS | 8.3 AI score | 0.05033 EPSS
Exploits 1

NVD
added 2019/11/05 10:15 p.m. | 19 views

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files...

3.3 CVSS | 3.7 AI score | 0.00395 EPSS
Exploits 1 | References 3

OSV
added 2019/11/05 10:15 p.m. | 3 views

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files...

3.3 CVSS | 5.8 AI score | 0.00395 EPSS
Exploits 1 | References 3

OSV
added 2019/11/05 10:15 p.m. | 6 views

AZL-44988 CVE-2016-4983 affecting package dovecot 2.3.20-1

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files...

3.3 CVSS | 5.8 AI score | 0.00395 EPSS
Exploits 1 | References 1

Prion
added 2019/11/05 10:15 p.m. | 16 views

Code injection

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files...

2.1 CVSS | 6.5 AI score | 0.00395 EPSS
Exploits 1 | References 3 | Affected Software 3

Cvelist
added 2019/11/05 9:45 p.m. | 21 views

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files...

3.4 AI score | 0.00395 EPSS
Exploits 1 | References 3

Debian CVE
added 2019/11/05 9:45 p.m. | 30 views

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files...

3.3 CVSS | 3.7 AI score | 0.00395 EPSS
Exploits 1

Tenable Nessus
added 2019/10/15 12:0 a.m. | 34 views

Solaris 10 (x86) : 119784-43

Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...

6 CVSS | 6.3 AI score | 0.1309 EPSS
Exploits 1 | References 4

Veracode
added 2019/10/03 2:49 a.m. | 11 views

Malicious Package

harmlesspackage is a malicious package. The package contains malicious code existing as a postinstall script. The package printed a message to the console and performed a GET request to a remote server...

1.5 AI score
Exploits 0

Node.js
added 2019/10/02 6:17 p.m. | 17 views

Malicious Package

Overview: Version 0.0.1 of harmlesspackage contains malicious code as a postinstall script. The package printed a message to the console and performed a GET request to a remote server. Recommendation: Remove the package from your environment. There is no evidence of further compromise. References...

7 AI score
Exploits 0 | Affected Software 1

Node.js
added 2019/07/19 3:4 p.m. | 12 views

Malicious Package

Overview: All versions of cage-js contain malicious code. The malware downloads and runs a script from a remote server as a postinstall script. Recommendation: Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that comput...

6.9 AI score
Exploits 0 | Affected Software 1

Node.js
added 2019/07/10 8:39 p.m. | 12 views

Malicious Package

Overview: All versions of only-test-not-install contain malicious code. The package deletes the folder /test from the system as a postinstall script. Recommendation: Remove the package from your environment. There are no further signs of compromise. References: GitHub Advisory...

6.8 AI score
Exploits 0 | Affected Software 1

Node.js
added 2019/07/10 8:31 p.m. | 16 views

Malicious Package

Overview: All versions of my-very-own-package contain malicious code. The package sends the output of process.versions, process.arch and process.platform to a remote server in a postinstall script. Recommendation: Remove the package from your environment. There are no further signs of compromise...

6.8 AI score
Exploits 0 | Affected Software 1

Node.js
added 2019/07/10 8:18 p.m. | 17 views

Malicious Package

Overview: All versions of maybemaliciouspackage contain malicious code. The package prints the system's SSH keys to the console as a postinstall script. Recommendation: Remove the package from your environment. There are no further signs of compromise. References: GitHub Advisory...

6.8 AI score
Exploits 0 | Affected Software 1

Node.js
added 2019/06/04 7:47 p.m. | 17 views

Malicious Package

Overview: Version 0.0.3 of angluar-cli contains malicious code as a postinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package attempts to remove files and stop processes related to McAfee...

7 AI score
Exploits 0 | Affected Software 1

Tenable Nessus
added 2018/11/05 12:0 a.m. | 30 views

Joomla! 3.4.x < 3.8.4 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities:
- The XSS vulnerability in module chromes as noted in the 20180101 announcement affects 3.0.0 through 3.8.3. CVE-2018-6380
- The XSS vulnerability in comfields as noted in the...

9.8 CVSS | 6.7 AI score | 0.58147 EPSS
Exploits 1 | References 7

Tenable Nessus
added 2018/11/05 12:0 a.m. | 37 views

Joomla! 3.6.x < 3.8.4 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities:
- The XSS vulnerability in module chromes as noted in the 20180101 announcement affects 3.0.0 through 3.8.3. CVE-2018-6380
- The XSS vulnerability in comfields as noted in the...

9.8 CVSS | 6.7 AI score | 0.58147 EPSS
Exploits 1 | References 7

Tenable Nessus
added 2018/11/05 12:0 a.m. | 25 views

Joomla! 3.2.x < 3.8.4 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities:
- The XSS vulnerability in module chromes as noted in the 20180101 announcement affects 3.0.0 through 3.8.3. CVE-2018-6380
- The XSS vulnerability in comfields as noted in the...

9.8 CVSS | 6.7 AI score | 0.58147 EPSS
Exploits 1 | References 7

Tenable Nessus
added 2018/11/05 12:0 a.m. | 20 views

Joomla! 3.0.x < 3.8.4 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities:
- The XSS vulnerability in module chromes as noted in the 20180101 announcement affects 3.0.0 through 3.8.3. CVE-2018-6380
- The XSS vulnerability in comfields as noted in the...

9.8 CVSS | 6.7 AI score | 0.58147 EPSS
Exploits 1 | References 7

Veracode
added 2018/07/13 12:25 a.m. | 10 views

Malicious Package

A malicious version of eslint-config-eslint has been published onto the npm registry. This malicious version attempts to steal the user's npm authentication token from .npmrc through a postinstall script specified in package.json. Successful attempts would result in compromised authentication...

6.8 AI score
Exploits 0