Traccar - Unrestricted File Upload

Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this...

EUVD-2018-21645

GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username...

CVE-2018-25192

GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username...

CVE-2018-25192 GPS Tracking System 2.12 SQL Injection via username Parameter

GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username...

CVE-2018-25192

GPS Tracking System 2.12 is vulnerable to SQL injection via the username parameter in login.php, allowing unauthenticated bypass of authentication. The underlying issue is a SQL injection in the login flow, enabling attackers to gain unauthorized access without valid credentials. Reported impact ...

CVE-2018-25192 GPS Tracking System 2.12 SQL Injection via username Parameter

GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username...

PT-2026-23702

GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username...

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft

Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. "The developer runs dedicated channels for sales, customer...

EUVD-2020-26460

Malware in sbrugna...

EUVD-2025-2572

Malicious code in bioql PyPI...

EUVD-2023-55488

Malicious code in bioql PyPI...

EUVD-2021-8656

Malicious code in bioql PyPI...

CVE-2025-21615

AAT Another Activity Tracker is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device...

CVE-2020-5246

Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances wit...

CVE-2025-21615

AAT Another Activity Tracker is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device...

CVE-2025-21615 AAT allows data exfiltration by other apps installed on the same device

AAT Another Activity Tracker is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device...

AAT 信息泄露漏洞

AAT is a GPS tracking application by bailuk personal developer. It is used for tracking physical activity with a focus on cycling. An information disclosure vulnerability exists in versions prior to AAT v1.26, which stems from being susceptible to data disclosure from a malicious application...

Exploit for CVE-2024-24809

CVE-2024-24809 Detail Description Traccar is an open sourc...

CVE-2024-31214

Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file...

CVE-2024-31214 Traccar's unrestricted file upload vulnerability in device image upload could lead to remote code execution

Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file...