EUVD-2012-2548

Malware in sbrugna...

Malicious code in mobiletrack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3a464415caaaafd6b062af71a195f028faa18254aacdf4d305a41a3c7a669e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-7716 Malicious code in mobiletrack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3a464415caaaafd6b062af71a195f028faa18254aacdf4d305a41a3c7a669e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2012-2567

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted 1 FTP or 2 HTTP session...

CVE-2012-2562

The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a 1 LOCATE, 2 TRACK, 3 UPDATECFG, 4 UPDATEACCT, 5 STAT, 6 TERM, or 7 WIPE command via an SMS message...

Command injection

The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a 1 LOCATE, 2 TRACK, 3 UPDATECFG, 4 UPDATEACCT, 5 STAT, 6 TERM, or 7 WIPE command via an SMS message...

Hardcoded credentials

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted 1 FTP or 2 HTTP session...

CVE-2012-2567

The CVE-2012-2567 entry refers to Xelex MobileTrack for Android (2.3.7 and earlier) that uses hardcoded credentials and transmits data over an insecure FTP/HTTP session, exposing potentially sensitive user data. Root cause: information exposure due to non-secure authentication/storage configurati...

CVE-2012-2562

The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a 1 LOCATE, 2 TRACK, 3 UPDATECFG, 4 UPDATEACCT, 5 STAT, 6 TERM, or 7 WIPE command via an SMS message...

CVE-2012-2562

The CVE-2012-2562 entry concerns Xelex MobileTrack for Android (≤ 2.3.7). The issue is lack of verification of SMS command origin, allowing an unauthenticated remote attacker to issue commands (LOCATE, TRACK, UPDATECFG, UPDATEACCT, STAT, TERM, WIPE) via SMS. Consequences cited include possible un...

CVE-2012-2567

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted 1 FTP or 2 HTTP session...

Xelex Technologies MobileTrack contains multiple vulnerabilities

Overview Xelex Technologies' MobileTrack application has been reported to not verify the source of administrative SMS commands. An unauthenticated remote attacker can send commands over SMS to MobileTrack. User data is also exposed on an insecure FTP server account. Description The website for...