28 matches found
EUVD-2012-5577
Malware in sbrugna...
EUVD-2012-5578
Malware in sbrugna...
EUVD-2012-5580
Malware in sbrugna...
EUVD-2012-5579
Malware in sbrugna...
CVE-2012-5693
Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to 1 remoteAttack.pl or 2 guessPassword.pl in frameworkgui/; the filename parameter to 3 CSAttack.pl or 4 SEAttack.pl in...
Code injection
Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to 1 remoteAttack.pl or 2 guessPassword.pl in frameworkgui/; the filename parameter to 3 CSAttack.pl or 4 SEAttack.pl in...
Code injection
Bulb Security Smartphone Pentest Framework SPF 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to 1 SEAttack.pl or 2 CSAttack.pl in frameworkgui/ or the 3 appURLPath parameter to frameworkgui/attachMobileModem.pl...
CVE-2012-5878
Bulb Security Smartphone Pentest Framework SPF 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to 1 SEAttack.pl or 2 CSAttack.pl in frameworkgui/ or the 3 appURLPath parameter to frameworkgui/attachMobileModem.pl...
CVE-2012-5878
CVE-2012-5878 concerns the Smartphone Pentest Framework (SPF) versions 0.1.2–0.1.4. The connected records confirm a remote OS command injection vulnerability in SPF’s web GUI, triggered by unsanitized input in the hostingPath parameter for SEAttack.pl and CSAttack.pl (frameworkgui/), and the appU...
CVE-2012-5693
Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to 1 remoteAttack.pl or 2 guessPassword.pl in frameworkgui/; the filename parameter to 3 CSAttack.pl or 4 SEAttack.pl in...
CVE-2012-5693
Bulb Security’s Smartphone Pentest Framework (SPF) is affected by OS command injection in SPF web GUI. CVE-2012-5693 (and related CVE-2012-5878) describe that remote attackers can execute arbitrary commands by supplying shell metacharacters in various input fields (ipAddressTB, hostingPath, appUR...
CVE-2012-5697
The btinstall installation script in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 uses weak permissions 777 for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files...
CVE-2012-5694
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the 1 agentPhNo, 2 controlPhNo, 3 agentURLPath, 4 agentControlKey, or 5 platformDD1 parameter to frameworkgui/attach2Agents.pl; the 6...
CVE-2012-5696
Bulb Security Smartphone Pentest Framework SPF before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request...
CVE-2012-5695
Multiple cross-site request forgery CSRF vulnerabilities in Bulb Security Smartphone Pentest Framework SPF 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct 1 shell metacharacter or 2 SQL injection attacks or 3 send an SMS message...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Bulb Security Smartphone Pentest Framework SPF 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct 1 shell metacharacter or 2 SQL injection attacks or 3 send an SMS message...
Code injection
The btinstall installation script in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 uses weak permissions 777 for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files...
Sql injection
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the 1 agentPhNo, 2 controlPhNo, 3 agentURLPath, 4 agentControlKey, or 5 platformDD1 parameter to frameworkgui/attach2Agents.pl; the 6...
CVE-2012-5695
Multiple cross-site request forgery CSRF vulnerabilities in Bulb Security Smartphone Pentest Framework SPF 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct 1 shell metacharacter or 2 SQL injection attacks or 3 send an SMS message...
CVE-2012-5694
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the 1 agentPhNo, 2 controlPhNo, 3 agentURLPath, 4 agentControlKey, or 5 platformDD1 parameter to frameworkgui/attach2Agents.pl; the 6...