RSS   Vulnerabilities for 'Vicidial'   RSS

2014-05-17
 
CVE-2013-7382

CWE-255
 

 
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.

 
2014-05-14
 
CVE-2013-4468

CWE-Other
 

 
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.

 
2014-03-11
 
CVE-2013-4467

CWE-89
 

 
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information.

 

 >>> Vendor: Vicidial 2 Products
Call center suite
Vicidial


Copyright 2019, cxsecurity.com

 

Back to Top