CVE-2013-7382 – VICIdial Manager - Send OS Command Injection
https://notcve.org/view.php?id=CVE-2013-7382
17 May 2014 — VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access. • https://www.exploit-db.com/exploits/29513 • CWE-255: Credentials Management Errors
CVE-2013-4468 – VICIdial Manager - Send OS Command Injection
https://notcve.org/view.php?id=CVE-2013-4468
08 Nov 2013 — VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php. • https://packetstorm.news/files/id/123947
CVE-2013-4467 – VICIdial Manager - Send OS Command Injection
https://notcve.org/view.php?id=CVE-2013-4467
08 Nov 2013 — Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information. • https://packetstorm.news/files/id/123947 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')