Lucene search
K

36 matches found

Prion
Prion
added 2014/10/20 4:55 p.m.21 views

Sql injection

Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the 1 agentPhNo, 2 controlPhNo, 3 agentURLPath, 4 agentControlKey, or 5 platformDD1 parameter to frameworkgui/attach2Agents.pl; the 6...

6.8CVSS9.2AI score0.01267EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2014/10/20 4:55 p.m.21 views

Code injection

The btinstall installation script in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 uses weak permissions 777 for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files...

4.6CVSS6.6AI score0.00418EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/10/20 4:0 p.m.25 views

CVE-2012-5694

Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the 1 agentPhNo, 2 controlPhNo, 3 agentURLPath, 4 agentControlKey, or 5 platformDD1 parameter to frameworkgui/attach2Agents.pl; the 6...

8.4AI score0.01267EPSS
Exploits1References5
Cvelist
Cvelist
added 2014/10/20 4:0 p.m.38 views

CVE-2012-5697

The btinstall installation script in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 uses weak permissions 777 for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files...

6.1AI score0.00418EPSS
Exploits1References3
CVE
CVE
added 2014/10/20 4:0 p.m.64 views

CVE-2012-5697

CVE-2012-5697 relates to the Smartphone Pentest Framework (SPF) web GUI in frameworkgui/, where the btinstall script sets world-writable permissions (777) on all files. This permits a local attacker to read sensitive files and potentially inject arbitrary Perl code via direct access to the files,...

4.6CVSS8.1AI score0.00418EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/10/20 4:0 p.m.24 views

CVE-2012-5695

Multiple cross-site request forgery CSRF vulnerabilities in Bulb Security Smartphone Pentest Framework SPF 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct 1 shell metacharacter or 2 SQL injection attacks or 3 send an SMS message...

8AI score0.00669EPSS
Exploits3References6
CVE
CVE
added 2014/10/20 4:0 p.m.45 views

CVE-2012-5696

This entry corresponds to CVE-2012-5696 in the Smartphone Pentest Framework (SPF). Documentation confirms SPF before 0.1.3 vulnerable to improper access control via the /frameworkgui/config path, allowing remote attackers to obtain the plaintext database password. The connected advisory details m...

5CVSS8.5AI score0.01264EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2014/10/20 4:0 p.m.57 views

CVE-2012-5694

CVE-2012-5694 concerns multiple SQL injection flaws in the Smartphone Pentest Framework (SPF) web GUI, specifically in the frameworkgui/ directory. The linked HTB23123 advisory enumerates affected scripts and parameters (attach2Agents.pl, attachMobileModem.pl, escalatePrivileges.pl, getContacts.p...

6.8CVSS9.3AI score0.01267EPSS
Exploits1References5Affected Software1
Kitploit
Kitploit
added 2013/04/21 3:16 a.m.56 views

[SPF v0.1.7] Smartphone Pentest Framework - Support of the SMS shell pivot

The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices. We will look at the functionality of the framework including information gatherin...

7.5AI score
Exploits0References2
0day.today
0day.today
added 2012/12/12 12:0 a.m.80 views

Smartphone Pentest Framework 0.1.3 / 0.1.4 Command Injection

Smartphone Pentest Framework SPF versions 0.1.3 and 0.1.4 suffer from an OS command injection vulnerability. Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 201...

9.7AI score0.09296EPSS
Exploits5
Packet Storm
Packet Storm
added 2012/12/11 12:0 a.m.67 views

Smartphone Pentest Framework 0.1.3 / 0.1.4 Command Injection

Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...

6.8CVSS0.1AI score0.09296EPSS
Exploits5
securityvulns
securityvulns
added 2012/12/11 12:0 a.m.100 views

Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework

Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...

6.8CVSS0.6AI score0.09296EPSS
Exploits5
exploitpack
exploitpack
added 2012/12/10 12:0 a.m.27 views

Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities

Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities source: https://www.securityfocus.com/bid/56881/info Smartphone Pentest Framework is prone to multiple remote command-execution vulnerabilities. Remote attackers can exploit these issues to execute arbitrary commands...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2012/12/10 12:0 a.m.36 views

Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities

source: https://www.securityfocus.com/bid/56881/info Smartphone Pentest Framework is prone to multiple remote command-execution vulnerabilities. Remote attackers can exploit these issues to execute arbitrary commands within the context of the vulnerable application to gain root access. This may...

7.4AI score
Exploits0
htbridge
htbridge
added 2012/11/19 12:0 a.m.72 views

Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework (SPF)

High-Tech Bridge Security Research Lab discovered multiple command execution vulnerabilities in Smartphone Pentest Framework SPF web-based GUI, which could be exploited to get control over a pentester's machine remotely. Similar vulnerabilities were discovered...

8.3CVSS9.4AI score0.09296EPSS
Exploits5Affected Software1
htbridge
htbridge
added 2012/10/24 12:0 a.m.57 views

Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Smartphone Pentest Framework SPF web-based GUI, which could be exploited to get control over a pentester's machine. The research was inspired by the vulnerability found by Jon Passki http://osvdb.org/85873. Even if the...

8.3CVSS10.5AI score0.01664EPSS
Exploits7Affected Software1
Rows per page
Query Builder