Smartphone Pentest Framework Security Vulnerabilities and Issues — Smartphone Pentest Framework CVE List

Lucene search

BulbsecuritySmartphone Pentest Framework

4 matches found

CVE•added 2014/10/20 4:55 p.m.•47 views

CVE-2012-5694

Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents....

6.8CVSS9.3AI score0.00435EPSS

CVE•added 2014/10/20 4:55 p.m.•47 views

CVE-2012-5697

The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files.

4.6CVSS8.1AI score0.00044EPSS

CVE•added 2014/10/20 4:55 p.m.•41 views

CVE-2012-5695

Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS ...

6.8CVSS9.7AI score0.00463EPSS

CVE•added 2014/10/20 4:55 p.m.•35 views

CVE-2012-5696

Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.

5CVSS8.5AI score0.0025EPSS