36 matches found
Sql injection
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the 1 agentPhNo, 2 controlPhNo, 3 agentURLPath, 4 agentControlKey, or 5 platformDD1 parameter to frameworkgui/attach2Agents.pl; the 6...
Code injection
The btinstall installation script in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 uses weak permissions 777 for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files...
CVE-2012-5694
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the 1 agentPhNo, 2 controlPhNo, 3 agentURLPath, 4 agentControlKey, or 5 platformDD1 parameter to frameworkgui/attach2Agents.pl; the 6...
CVE-2012-5697
The btinstall installation script in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 uses weak permissions 777 for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files...
CVE-2012-5697
CVE-2012-5697 relates to the Smartphone Pentest Framework (SPF) web GUI in frameworkgui/, where the btinstall script sets world-writable permissions (777) on all files. This permits a local attacker to read sensitive files and potentially inject arbitrary Perl code via direct access to the files,...
CVE-2012-5695
Multiple cross-site request forgery CSRF vulnerabilities in Bulb Security Smartphone Pentest Framework SPF 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct 1 shell metacharacter or 2 SQL injection attacks or 3 send an SMS message...
CVE-2012-5696
This entry corresponds to CVE-2012-5696 in the Smartphone Pentest Framework (SPF). Documentation confirms SPF before 0.1.3 vulnerable to improper access control via the /frameworkgui/config path, allowing remote attackers to obtain the plaintext database password. The connected advisory details m...
CVE-2012-5694
CVE-2012-5694 concerns multiple SQL injection flaws in the Smartphone Pentest Framework (SPF) web GUI, specifically in the frameworkgui/ directory. The linked HTB23123 advisory enumerates affected scripts and parameters (attach2Agents.pl, attachMobileModem.pl, escalatePrivileges.pl, getContacts.p...
[SPF v0.1.7] Smartphone Pentest Framework - Support of the SMS shell pivot
The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices. We will look at the functionality of the framework including information gatherin...
Smartphone Pentest Framework 0.1.3 / 0.1.4 Command Injection
Smartphone Pentest Framework SPF versions 0.1.3 and 0.1.4 suffer from an OS command injection vulnerability. Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 201...
Smartphone Pentest Framework 0.1.3 / 0.1.4 Command Injection
Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...
Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework
Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...
Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities
Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities source: https://www.securityfocus.com/bid/56881/info Smartphone Pentest Framework is prone to multiple remote command-execution vulnerabilities. Remote attackers can exploit these issues to execute arbitrary commands...
Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities
source: https://www.securityfocus.com/bid/56881/info Smartphone Pentest Framework is prone to multiple remote command-execution vulnerabilities. Remote attackers can exploit these issues to execute arbitrary commands within the context of the vulnerable application to gain root access. This may...
Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework (SPF)
High-Tech Bridge Security Research Lab discovered multiple command execution vulnerabilities in Smartphone Pentest Framework SPF web-based GUI, which could be exploited to get control over a pentester's machine remotely. Similar vulnerabilities were discovered...
Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Smartphone Pentest Framework SPF web-based GUI, which could be exploited to get control over a pentester's machine. The research was inspired by the vulnerability found by Jon Passki http://osvdb.org/85873. Even if the...