A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local...
9.8CVSS
9.3AI Score
0.003EPSS
An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external...
6.1CVSS
6.2AI Score
0.0005EPSS
An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have.....
7.5CVSS
7.3AI Score
0.001EPSS
Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device...
7.5CVSS
7.2AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Steve Curtis, St. Pete Design Gps Plotter plugin <= 5.1.4...
5.9CVSS
4.8AI Score
0.0004EPSS
The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP...
6.9AI Score
0.003EPSS
There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code...
9.8CVSS
9.8AI Score
0.002EPSS
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and....
7.2CVSS
7.2AI Score
0.019EPSS
All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a...
8.8CVSS
8.5AI Score
0.001EPSS
An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS...
7.1CVSS
6.3AI Score
0.001EPSS
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password,...
7.5CVSS
7.5AI Score
0.002EPSS
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...
6.8CVSS
6.5AI Score
0.001EPSS
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and...
9.8CVSS
9.4AI Score
0.002EPSS
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with...
7.8CVSS
7.5AI Score
0.002EPSS
The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator...
5.9CVSS
5.7AI Score
0.001EPSS
The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as...
7.5CVSS
7.5AI Score
0.006EPSS
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login...
9.8CVSS
9.3AI Score
0.013EPSS
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by...
9.8CVSS
9.5AI Score
0.011EPSS
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM)...
7.5CVSS
7.3AI Score
0.001EPSS
Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command,...
7.5CVSS
7.5AI Score
0.001EPSS
Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another...
5.3CVSS
5.4AI Score
0.001EPSS
Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite...
6.8AI Score
0.003EPSS
The RunKeeper - GPS Track Run Walk (aka com.fitnesskeeper.runkeeper.pro) application 4.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
The iGolf - Golf GPS (aka com.igolf) application 20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog...
7.6AI Score
0.661EPSS