4 matches found
CVE-2012-5693
Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to 1 remoteAttack.pl or 2 guessPassword.pl in frameworkgui/; the filename parameter to 3 CSAttack.pl or 4 SEAttack.pl in...
CVE-2012-5694
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the 1 agentPhNo, 2 controlPhNo, 3 agentURLPath, 4 agentControlKey, or 5 platformDD1 parameter to frameworkgui/attach2Agents.pl; the 6...
Sql injection
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the 1 agentPhNo, 2 controlPhNo, 3 agentURLPath, 4 agentControlKey, or 5 platformDD1 parameter to frameworkgui/attach2Agents.pl; the 6...
CVE-2012-5697
The btinstall installation script in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 uses weak permissions 777 for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files...