PT-2026-31431

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

EUVD-2017-6396

Malware in sbrugna...

EUVD-2023-24905

Malicious code in bioql PyPI...

CVE-2023-20726

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 For MT6880, MT6890, MT6980,...

CVE-2020-0133

In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

CVE-2012-6334

The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."...

CVE-2023-20726

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 For MT6880, MT6890, MT6980,...

Information disclosure

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 For MT6880, MT6890, MT6980,...

CVE-2023-20726

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 For MT6880, MT6890, MT6980,...

CVE-2023-20726

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 For MT6880, MT6890, MT6980,...

PowerMeUp - A Small Library Of Powershell Scripts For Post Exploitation That You May Need Or Use!

This is a powershell reverse shell that executes the commands and or scripts that you add to the powerreverse.ps1 file as well as a small library of Post-Exploitation scripts. This also can be used for post exploitation and lateral movement even. Please use at your own risk I am not and will not ...

R4Ven - Track Ip And GPS Location

Track User's Smartphone/Pc Ip And Gps Location. The tool hosts a fake website which uses an iframe to display a legit website and, if the target allows it, it will fetch the Gps location latitude and longitude of the target along with IP Address and Device Information. This tool is a Proof of...

We need to talk about sex toys and cyber security

Introduction We’ve written about the appalling security of smart sex toys over the years. Finally, an invite came to give a talk on the subject to a TEDx audience. I debated whether to give the talk with colleagues, as we’ve never wanted to be pigeon-holed in this space! But we felt that public...

Gumtree exposed users’ personal and GPS location via source code

By Waqas Gumtree.com or Gumtree is a London, England-based online classified advertisement website with millions of registered users. This is a post from HackRead.com Read the original post: Gumtree exposed users personal and GPS location via source code...

CVE-2020-0133

In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

Hamas Ensnares Israeli Soldiers with Pretty 'Ladies'

Hamas has been caught taking a classic “catfish” approach, to tempt Israeli soldiers into installing spyware on their phones. Members posed as teen girls who are looking for quality chat time. This is the third time that the Palestinian group has used the tactic – but this time it upped its...

'Exodus' Surveillance Malware Found Targeting Apple iOS Users

Cybersecurity researchers have discovered an iOS version of the powerful mobile phone surveillance app that was initially targeting Android devices through apps on the official Google Play Store. Dubbed Exodus , as the malware is called, the iOS version of the spyware was discovered by security...

CBM - Car Backdoor Maker

A hardware-backdoor for CAN bus - by @UnaPibaGeek & @holesec For the first time, a hardware backdoor tool is presented having several advanced features, such as: remote control via SMS commands, automated launch of attack payloads at a GPS location or when a specific car status is reached; and a...

How to track and locate device on Xenmobile

Question: How to track and locate the device on XenMobile Answer: XenMobile tracks all of the device's location after customers' send the locate request. It would report the last known location of the device when the GPS is on. For more reference please refer the following article :...

Race condition

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur...