3 matches found
Code injection
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl...
CVE-2012-5695
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message...
CVE-2012-5696
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request...