Malicious code in sjs-lint-build1 (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...

sjs-biginteger (=5.0.6) potentially affected by unknown CVE via sjs-lint-build1 (=1.0.4)

sjs-lint-build1 NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on sjs-lint-build1 and may be impacted: - sjs-biginteger =5.0.6 Source cves: unknown CVE Source advisory: OSV:MAL-2026-2528...

CVE-2020-8645

An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is jobid. The function is getJobApplicationsByJobId. The file is lib/class.JobApplication.php...

CVE-2020-8645

CVE-2020-8645 affects Simplejobscript.com SJS (up to v1.66). The issue is an unauthenticated SQL injection in the job applications search function, exploitable via the vulnerable parameter job_id in the function getJobApplicationsByJobId() within the file _lib/class.JobApplication.php . The CVSS ...

CVE-2020-8440

controllers/pageapply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume...

CVE-2020-8440

CVE-2020-8440 affects Simplejobscript.com SJS, specifically the controllers/page_apply.php component, up through version 1.66. The issue is an unauthenticated Remote Code Execution vulnerability triggered by uploading a PHP script as a resume, allowing attackers to execute arbitrary code on the s...

CVE-2020-7229

An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landinglocation. The function is countSearchedJobs. The file is lib/class.Job.php...

CVE-2020-7229

Simplejobscript.com SJS

Design/Logic Flaw

The Sun Java System SJS Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows remote attackers to cause a denial of service daemon crash via a GET request...

CVE-2009-2597

The CVE-2009-2597 entry concerns Sun Java System Web Proxy Server (SJS Web Proxy Server) with the Policy Agent module 2.2. It describes a remote DoS condition where a crafted GET request can trigger a daemon crash, affecting the server. The affected context explicitly notes SJS Web Proxy Server 4...

CVE-2007-4025

CVE-2007-4025 affects Sun Java System Application Server (SJS) 8.1–9.0 prior to 20070724 on Windows. It allows remote attackers to obtain JSP source code via unspecified vectors. The connected documents do not specify root cause, explicit exploit method, or a fix/remediation. No remediation detai...