9 matches found
EUVD-2012-2548
Malware in sbrugna...
CVE-2012-2562
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message...
CVE-2012-2567
The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session...
Hardcoded credentials
The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session...
Command injection
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message...
CVE-2012-2567
The CVE-2012-2567 entry refers to Xelex MobileTrack for Android (2.3.7 and earlier) that uses hardcoded credentials and transmits data over an insecure FTP/HTTP session, exposing potentially sensitive user data. Root cause: information exposure due to non-secure authentication/storage configurati...
CVE-2012-2562
The CVE-2012-2562 entry concerns Xelex MobileTrack for Android (≤ 2.3.7). The issue is lack of verification of SMS command origin, allowing an unauthenticated remote attacker to issue commands (LOCATE, TRACK, UPDATECFG, UPDATEACCT, STAT, TERM, WIPE) via SMS. Consequences cited include possible un...
CVE-2012-2562
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message...
CVE-2012-2567
The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session...