IDCVSSSummaryLast (major) updatePublished
CVE-2012-5697 4.6
The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary
16-12-2014 - 12:23 20-10-2014 - 12:55
CVE-2012-5696 5.0
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.
16-12-2014 - 12:23 20-10-2014 - 12:55
CVE-2012-5695 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter
16-12-2014 - 12:22 20-10-2014 - 12:55
CVE-2012-5694 6.8
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) pla
16-12-2014 - 12:21 20-10-2014 - 12:55
Back to Top Mark selected
Back to Top