MAL-2024-7792 Malicious code in roblox-ts-core (npm)

This package contains a malicious postinstall script which downloads further payloads and delivers QuasarRAT. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53e846a11945248574678fe65e4f8cd5b4a766ff129c761b615aef0f0c595fa5 Any computer that has this package installe...

Malicious code in noblox.ts-core (npm)

This package is considered malicious because it contains a heavily obfuscated postinstall.js script with multiple stages of payload execution, resulting in the delivery of QuasarRAT. This allows command and control by a malicious actor. --- -= Per source details. Do not edit below this line.=-...

Malicious code in noblox-ts (npm)

This package is considered malicious because it contains a heavily obfuscated postinstall.js script with multiple stages of payload execution, resulting in the delivery of QuasarRAT. This allows command and control by a malicious actor. --- -= Per source details. Do not edit below this line.=-...

RHEL 6 : dovecot (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dovecot: Buffer overflow in indexer-worker process results in privilege escalation CVE-2019-7524 - A...

CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp

Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...

CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp

Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...

PT-2024-21805

Name of the Vulnerable Software and Affected Versions Support App versions prior to 2.5.1 Rev 2 Description The issue is related to the postinstall installer script, which can be abused to execute arbitrary code as root due to the use of the shebang !/bin/zsh. When the installer is executed, it...

SUSE CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files...

PT-2022-18679 · Automox · Automox Agent For Macos

Name of the Vulnerable Software and Affected Versions: Automox Agent for macOS versions prior to 39 Automox Agent for macOS versions prior to 37 Description: The issue is related to a time-of-check/time-of-use TOCTOU race-condition attack that can occur during the agent install process. It also...

Malicious Package

Overview The package jdb.js contained malicious code. The package ran a postinstall script and contained a dropper for the njRAT/Bladabindi Remote Access Trojan. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys...

Malicious Package

ac-addon is a malicious package. The package includes a postinstall script that executes two malicious .exe files containing Trojan malware...

Malicious Package

wsbd.js is a malicious package. The package executes a malicious postinstall script which runs an exe file containing Trojan malware upon installation...

Malicious Package

Overview The package wsbd.js contained malicious code. The package ran a postinstall script that executed an.exe file containing Trojan malware. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

Malicious Package

Overview The package discord.dll contained malicious code. The package ran a postinstall script that exfiltrated local files such as browser local databases. The information was exfiltrated to a remote Discord webhook. Recommendation Remove the package from your system and rotate any credentials...

GHSA-8MM3-2MCJ-CX6R Malicious Package in angluar-cli

Version 0.0.3 of angluar-cli contains malicious code as a postinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed the package attempts to remove files and stop processes related to McAfee antivirus...

Malicious Package in shrugging-logging

All versions of shrugging-logging contain malicious code as a postinstall script. The package fetches all names of npm packages owned by the user and attempts to add another maintainer to every package as a means of package hijacking, Recommendation Remove the package from your system. If you own...

GHSA-8HMR-W35F-3QGJ Malicious Package in harmlesspackage

Version 0.0.1 of harmlesspackage contains malicious code as a postinstall script. The package printed a message to the console and performed a GET request to a remote server. Recommendation Remove the package from your environment. There is no evidence of further compromise...

Malicious Package in harmlesspackage

Version 0.0.1 of harmlesspackage contains malicious code as a postinstall script. The package printed a message to the console and performed a GET request to a remote server. Recommendation Remove the package from your environment. There is no evidence of further compromise...

GHSA-JF8X-WG7F-P3W8 Malicious Package in cage-js

All versions of cage-js contains malicious code. The malware downloads and runs a script from a remote server as a postinstall script. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should...

Malicious Package in cage-js

All versions of cage-js contains malicious code. The malware downloads and runs a script from a remote server as a postinstall script. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should...