Lucene search
+L

3553 matches found

OSV
OSV
added 2020/09/02 9:47 p.m.12 views

GHSA-FGFJ-RJ24-MJ7Q Malicious Package in kraken-api

Version 0.1.8 of kraken-api contains malicious code as a postinstall script. When installed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation Any computer that has this package installed or running should be considered fully compromised. All...

7.9AI score
Exploits0References1
Node.js
Node.js
added 2019/11/27 10:14 p.m.17 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.16 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/27 10:14 p.m.18 views

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/13 3:26 p.m.16 views

Malicious Package

Overview All versions of arsenic-tabasco-cyborg-peanut-butter contain malicious code. The package downloads and runs a script that opens a reverse shell in the system. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and ke...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/07 10:10 p.m.12 views

Malicious Package

Overview All versions of sj-tw-abc contain malicious code. The package downloads and runs a script that opens a reverse shell in the system. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/11/07 1:55 p.m.11 views

Malicious Package

Overview All versions of sj-tw-sec contain malicious code. The package downloads and runs a script that opens a reverse shell in the system. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/07/12 10:13 p.m.15 views

Malicious Package

Overview All versions of qingting contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/07/12 10:4 p.m.15 views

Malicious Package

Overview All versions of ali-contributors contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/06/03 7:0 p.m.20 views

Malicious Package

Overview Version 0.1.8 of kraken-api contains malicious code as a postinstall script. When installed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation Any computer that has this package installed or running should be considered fully compromised...

7.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/06/03 3:12 p.m.16 views

Malicious Package

Overview Version 1.0.1 of jquerz contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a...

7.1AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/31 8:56 p.m.14 views

Malicious Package

Overview Version 9.0.0 of colro-name contained malicious code as a preinstall script. The package downloaded a file from a remote server, executed it and opened a backdoor. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets a...

7.1AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/30 7:50 p.m.16 views

Malicious Package

Overview Version 1.8.4 of bowee contained malicious code as a preinstall script. The package downloaded a file from a remote server, executed it and opened a backdoor. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and ke...

7.1AI score
Exploits0Affected Software1
Rows per page
Query Builder