60 matches found

OSSF Malicious Packages
added 2026/05/26 6:10 a.m. | 10 views

Malicious code in 1cat-tunnel-client-zx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796f1b18c13a38088b4e48d75575eb92b23af5d91cdfaf6a82717f0fabbc7a79 On npm install, the package's postinstall hook node install.js fetches a platform-specific executable from...

6 AI score
Exploits 0 | References 2

OSV
added 2026/05/22 1:45 p.m. | 4 views

MAL-2026-4677 Malicious code in swift-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c54f35da6df5cef65715d49fb7942aff442ee9a0cb486862031e5009277db3a On npm install, [email protected] runs scripts/install-binary.js as a postinstall hook. The script is a hand-rolled JavaScript bytecode VM 123 KB...

5.9 AI score
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0244

Malware in sbrugna...

9.3 CVSS | 8 AI score | 0.00735 EPSS
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-0249

Malware in sbrugna...

9.3 CVSS | 8.1 AI score | 0.00735 EPSS
Exploits 0 | References 6

OSSF Malicious Packages
added 2024/12/31 11:37 p.m. | 1 view

Malicious code in solaraexecutor (npm)

This package uses obfuscation to hide that it is downloading a malicious binary from an attacker-controlled domain --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b8807e1265b0c39afd3a6507559deb211f67d9a559b8094aecea14d18f30dcf7 Any computer that has this package...

6.8 AI score
Exploits 0 | References 3

OSV
added 2021/06/28 4:45 p.m. | 11 views

GHSA-2JX8-V4HV-GX3H XXE vulnerability in Launch import

| Release Date | Affected Projects | Affected Versions | Access Vector | Security Risk |
|--------------|-------------------|-------------------|---------------|---------------|
| Monday, May 4, 2020 | service-api | Every version, starting from 3.1.0 | Remote | Medium |

Impact

Starting from version...

7.5 CVSS | 7.6 AI score | 0.0028 EPSS
Exploits 0 | References 5

CVE
added 2021/01/11 6:14 p.m. | 105 views

CVE-2020-24025

CVE-2020-24025 affects node-sass versions from 2.0.0 through 4.14.1, where certificate validation is disabled when requesting binaries, even if no alternative download path is specified. This can enable TLS validation bypass when fetching binaries. The description does not specify affected OSes o...

5.3 CVSS | 5 AI score | 0.00305 EPSS
Exploits 0 | References 1 | Affected Software 1

Kitploit
added 2020/09/26 11:30 a.m. | 221 views

Velociraptor - Endpoint Visibility and Collection Tool

Velociraptor is a tool for collecting host-based state information using Velocidex Query Language (VQL) queries. To learn more about Velociraptor, read the documentation on: https://www.velocidex.com/docs/ Quick start: If you want to see what Velociraptor is all about simply: 1. Download the binary...

6.7 AI score
Exploits 0 | References 2

Packet Storm
added 2020/05/08 12:0 a.m. | 276 views

ManageEngine Asset Explorer Windows Agent Remote Code Execution

XL-2020-003 - Asset Explorer Windows Agent - Remote Code Execution

Identifiers: CVE-2020-8838, XL-20-003

CVSSv3 score: 7...

4.9 CVSS | 0.1 AI score | 0.00328 EPSS
Exploits 3

Kitploit
added 2020/01/28 11:30 a.m. | 14 views

ApplicationInspector - A Source Code Analyzer Built For Surfacing Features Of Interest And Other Characteristics To Answer The Question 'What's In It' Using Static Analysis With A JSON-Based Rules Engine

Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting characteristics of source code to aid in determining what the software is or what it does. Application Inspector is different from traditional static...

7.6 AI score
Exploits 0 | References 3

CNVD
added 2018/06/15 12:0 a.m. | 1 view

pm2-kafka code execution vulnerability

pm2-kafka is a PM2 module for installing and running a kafka server. A security vulnerability exists in pm2-kafka that originates when a program downloads a binary file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing...

9.3 CVSS | 8.2 AI score | 0.00735 EPSS
Exploits 0 | References 1

CNVD
added 2018/06/15 12:0 a.m. | 1 view

cmake Remote Code Execution Vulnerability

cmake is a set of open source, cross-platform tools for building, testing and packaging software. A security vulnerability exists in cmake that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the...

9.3 CVSS | 8.1 AI score | 0.00735 EPSS
Exploits 0 | References 1

CNVD
added 2018/06/15 12:0 a.m. | 2 views

gfe-sass Remote Code Execution Vulnerability

gfe-sass is a sass library. A security vulnerability exists in gfe-sass that originates when a program downloads a binary file over an unencrypted HTTP link. An attacker could exploit this vulnerability by intercepting the response and replacing the requested binary with a malicious executable fi...

9.3 CVSS | 8.1 AI score | 0.00735 EPSS
Exploits 0 | References 1

CNVD
added 2018/06/15 12:0 a.m. | 1 view

webdriver-launcher remote code execution vulnerability

webdriver-launcher is a tool that enables you to launch your browser using webdriver. A security vulnerability exists in webdriver-launcher that originates when the program downloads binary resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requeste...

9.3 CVSS | 8.1 AI score | 0.00518 EPSS
Exploits 0 | References 1

CNVD
added 2018/06/15 12:0 a.m. | 1 view

jstestdriver Remote Code Execution Vulnerability

jstestdriver is a JavaScript code testing and running tool. A security vulnerability exists in jstestdriver that originates when the program downloads binary resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requested binary with an...

9.3 CVSS | 8.1 AI score | 0.00735 EPSS
Exploits 0 | References 1

CNVD
added 2018/06/15 12:0 a.m. | 1 view

redis-srvr code execution vulnerability

redis-srvr is a package for downloading and installing Redis. A security vulnerability exists in redis-srvr that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with an...

9.3 CVSS | 8.1 AI score | 0.00735 EPSS
Exploits 0 | References 1

CNVD
added 2018/06/15 12:0 a.m. | 2 views

Slimerjs-edge Remote Code Execution Vulnerability

slimerjs-edge is a scriptable browser for web development and testing. A security vulnerability exists in slimerjs-edge that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with an...

9.3 CVSS | 8 AI score | 0.00735 EPSS
Exploits 0 | References 1

CNVD
added 2018/06/15 12:0 a.m. | 2 views

Haxe 3 Remote Code Execution Vulnerability

Haxe 3 is a toolkit for building cross-platform tools and frameworks. A security vulnerability exists in Haxe 3 that originates when a program downloads a binary file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing th...

9.3 CVSS | 8.2 AI score | 0.00735 EPSS
Exploits 0 | References 1

CNVD
added 2018/06/15 12:0 a.m. | 2 views

openframe-asciii-image module code execution vulnerability

The openframe-ascii-image module is an extension to the Openframe format that displays static images rendered in ASCII format via fim. A security vulnerability exists in the openframe-asciii-image module, which is caused by a program downloading a binary file over an unencrypted HTTP connection. ...

9.3 CVSS | 8.2 AI score | 0.00735 EPSS
Exploits 0 | References 1

CNVD
added 2018/06/15 12:0 a.m. | 1 view

react-native-baidu-voice-synthesizer code execution vulnerability

react-native-baidu-voice-synthesizer is a speech synthesizer for use in Node.js. A security vulnerability exists in react-native-baidu-voice-synthesizer, which originates when the program downloads a binary file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerabilit...

9.3 CVSS | 8.1 AI score | 0.00735 EPSS
Exploits 0 | References 1