45 matches found
XML Injection
Overview: Affected versions of this package are vulnerable to XML Injection in the KML and GPX export functionality. An attacker can corrupt the file structure and spoof exported location data by creating a device with a crafted name that injects XML content into the exported files. Remediation...
CVE-2026-27693
CVE-2026-27693 affects Traccar (org.traccar:traccar) versions 6.11.1–
CVE-2026-27693 traccar allows XML injection in KML and GPX exports
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...
CVE-2026-27693
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...
EUVD-2026-27307
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...
EUVD-2007-1250
Malware in sbrugna...
EUVD-2006-7139
Malware in sbrugna...
EUVD-2007-6180
Malware in sbrugna...
PT-2023-18780 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13; Splunk Enterprise versions prior to 8.2.10; Splunk Enterprise versions prior to 9.0.4. Description: The lookup table upload feature in Splunk Enterprise allowed users to upload lookup tables with...
Fedora: Security Advisory for libkml (FEDORA-2022-6746739d52)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: libkml-1.3.0-37.fc36
Reference implementation of OGC KML 2.2. It also includes implementations of Google's gx: extensions used by Google Earth, as well as several utility libraries for working with other formats...
geojsonkml Command Injection Vulnerability
geojsonkml is an open source node.js module for converting geojson to kml. A command injection vulnerability exists in geojson2kml, which stems from vulnerability to command injection attacks via the index.js file...
Creepy - A Geolocation OSINT Tool. Offers Geolocation Information Gathering Through Social Networking Platforms
This project is currently not maintained. I haven't put any work on it since 2016 and with the current state of the API access to instagram and twitter, and the default settings for their geolocation features cree.py wouldn't be of much use. I will leave the repository and site up for the time but...
Command Injection
Overview: geojson2kml is a node.js module for converting geojson to kml. Affected versions of this package are vulnerable to Command Injection via the index.js file. PoC: var a =require"geojson2kml"; a"./","& touch JHU",function Remediation: There is no fixed version for geojson2kml. References -...
kml-autoparts.com Cross Site Scripting vulnerability OBB-1304878
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
kml-autoparts.com Cross Site Scripting vulnerability OBB-1295502
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
WiGLE - Wifi Wardriving (Nethugging Client For Android)
Open source network observation, positioning, and display client from the world's largest queryable database of wireless networks. Can be used for site-survey, security analysis, and competition with your friends. Collect networks for personal research or upload to https://wigle.net. WiGLE has be...
gdal: Memcpy-param-overlap in KML::unregisterLayerIfMatchingThisNode
Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=5115360233652224 Project: gdal Fuzzer: libFuzzergdalogrfuzzer Fuzz target binary: ogrfuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address:...
ip-geolocation-map-kml NSE Script
This script queries the Nmap registry for the GPS coordinates of targets stored by previous geolocation scripts and produces a KML file of points representing the targets. See also: ip-geolocation-geoplugin.nse, ip-geolocation-ipinfodb.nse, ip-geolocation-map-bing.nse, ip-geolocation-map-google.nse...