Bulbsecurity Smartphone Pentest Framework vulnerabilities
6 known vulnerabilities affecting bulbsecurity/smartphone_pentest_framework.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 4
Vulnerabilities
CVE-2012-5878 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | PoC | ≥ 0.1.2, ≤ 0.1.4 | 2020-01-03
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.
nvd
CVE-2012-5693 | P3 | HIGH | CVSS 8.8 | CWE-78 | fixed in 0.1.3 | 2020-01-03
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.
nvd
CVE-2012-5694 | P3 | MEDIUM | CVSS 6.8 | CWE-89 | v0.1.2 | 2014-10-20
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURL
nvd
CVE-2012-5696 | P4 | MEDIUM | CVSS 5.0 | CWE-264 | ≤ 0.1.2 | 2014-10-20
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.
nvd
CVE-2012-5695 | P4 | MEDIUM | CVSS 6.8 | CWE-352 | v0.1.2, v0.1.3, +1 more | 2014-10-20
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message.
nvd
CVE-2012-5697 | P4 | MEDIUM | CVSS 4.6 | CWE-264 | ≤ 0.1.2 | 2014-10-20
The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files.
nvd