Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vicidial vicidial vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-35377
Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters.
Vicidial Vicidial 2.14-610c
Vicidial Vicidial 2.14-597c
Vicidial Vicidial 2.10-415c
Vicidial Vicidial 2.9-401c
8.5
CVSSv2
CVE-2022-34876
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows malicious user to spoof identity, tamper with existing data, allow the complete disclosure of all data on the syste...
Vicidial Vicidial 2.14b0.5
9
CVSSv2
CVE-2022-34877
SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows malicious user to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or...
Vicidial Vicidial 2.14b0.5
9
CVSSv2
CVE-2022-34878
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows malicious user to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it othe...
Vicidial Vicidial 2.14b0.5
4.3
CVSSv2
CVE-2022-34879
Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions before 3555.
Vicidial Vicidial 2.14b0.5
3.5
CVSSv2
CVE-2021-46557
Vicidial 2.14-783a exists to contain a cross-site scripting (XSS) vulnerability via the input tabs.
Vicidial Vicidial 2.14-783a
1 Github repository
NA
CVE-2021-28854
VICIdial's Web Client contains many sensitive files that can be access from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. ...
1 Github repository
5
CVSSv2
CVE-2013-7382
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and previous versions has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote malicious users to obtain access.
Vicidial Vicidial 2.7
Vicidial Vicidial
1 EDB exploit
6.5
CVSSv2
CVE-2013-4468
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and previous versions allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.
Vicidial Vicidial
Vicidial Vicidial 2.7
1 EDB exploit
6.5
CVSSv2
CVE-2013-4467
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and previous versions allow (1) remote malicious users to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJA...
Vicidial Vicidial
Vicidial Vicidial 2.7
Vicidial Vicidial 2.8
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »