24 matches found
EUVD-2012-5578
Malware in sbrugna...
EUVD-2012-5576
Malware in sbrugna...
EUVD-2012-5580
Malware in sbrugna...
EUVD-2012-5577
Malware in sbrugna...
CVE-2012-5878
Bulb Security Smartphone Pentest Framework SPF 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to 1 SEAttack.pl or 2 CSAttack.pl in frameworkgui/ or the 3 appURLPath parameter to frameworkgui/attachMobileModem.pl...
CVE-2012-5878
CVE-2012-5878 concerns the Smartphone Pentest Framework (SPF) versions 0.1.2–0.1.4. The connected records confirm a remote OS command injection vulnerability in SPF’s web GUI, triggered by unsanitized input in the hostingPath parameter for SEAttack.pl and CSAttack.pl (frameworkgui/), and the appU...
CVE-2012-5693
Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to 1 remoteAttack.pl or 2 guessPassword.pl in frameworkgui/; the filename parameter to 3 CSAttack.pl or 4 SEAttack.pl in...
AndroL4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
AndroL4b is an android security virtual machine based on ubuntu Mate includes the collection of latest framework, tutorials and labs from different security geeks and researcher for reverse engineering and malware analysis. Tools APKStudio Cross-platform Qt5 based IDE for reverse-engineering...
CVE-2012-5697
The btinstall installation script in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 uses weak permissions 777 for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files...
Code injection
The btinstall installation script in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 uses weak permissions 777 for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files...
Sql injection
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the 1 agentPhNo, 2 controlPhNo, 3 agentURLPath, 4 agentControlKey, or 5 platformDD1 parameter to frameworkgui/attach2Agents.pl; the 6...
CVE-2012-5694
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the 1 agentPhNo, 2 controlPhNo, 3 agentURLPath, 4 agentControlKey, or 5 platformDD1 parameter to frameworkgui/attach2Agents.pl; the 6...
CVE-2012-5695
Multiple cross-site request forgery CSRF vulnerabilities in Bulb Security Smartphone Pentest Framework SPF 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct 1 shell metacharacter or 2 SQL injection attacks or 3 send an SMS message...
CVE-2012-5694
CVE-2012-5694 concerns multiple SQL injection flaws in the Smartphone Pentest Framework (SPF) web GUI, specifically in the frameworkgui/ directory. The linked HTB23123 advisory enumerates affected scripts and parameters (attach2Agents.pl, attachMobileModem.pl, escalatePrivileges.pl, getContacts.p...
CVE-2012-5697
CVE-2012-5697 relates to the Smartphone Pentest Framework (SPF) web GUI in frameworkgui/, where the btinstall script sets world-writable permissions (777) on all files. This permits a local attacker to read sensitive files and potentially inject arbitrary Perl code via direct access to the files,...
CVE-2012-5696
This entry corresponds to CVE-2012-5696 in the Smartphone Pentest Framework (SPF). Documentation confirms SPF before 0.1.3 vulnerable to improper access control via the /frameworkgui/config path, allowing remote attackers to obtain the plaintext database password. The connected advisory details m...
[SPF v0.1.7] Smartphone Pentest Framework - Support of the SMS shell pivot
The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices. We will look at the functionality of the framework including information gatherin...
Smartphone Pentest Framework 0.1.3 / 0.1.4 Command Injection
Smartphone Pentest Framework SPF versions 0.1.3 and 0.1.4 suffer from an OS command injection vulnerability. Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 201...
Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework
Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...
Smartphone Pentest Framework 0.1.3 / 0.1.4 Command Injection
Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...