12 matches found
EUVD-2008-1397
Malware in sbrugna...
Command injection
An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL...
CVE-2017-14001
An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL...
CVE-2017-14001
CVE-2017-14001 affects Digium Asterisk GUI 2.1.0 and earlier. The vulnerability is an OS command injection due to improper neutralization of special elements in URL requests, enabling an authenticated attacker to execute arbitrary code on the device. According to ICS-CERT, this vulnerability is r...
Digium Asterisk GUI OS Command Injection Vulnerability
The Asterisk GUI is a framework for configuring graphical user interfaces. An OS command injection vulnerability exists in Digium Asterisk GUI, which could allow an attacker to execute arbitrary code on a system by injecting OS commands into the program's URL requests...
Digium Asterisk GUI
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Digium Equipment: Asterisk GUI Vulnerability: Improper Neutralization of Special Elements used in an OS Command AFFECTED PRODUCTS The following versions of Asterisk GUI, a framework for configuring graphical user...
CVE-2013-7382
VICIDIAL dialer (Asterisk GUI client) versions 2.8-403a, 2.7, 2.7RC1 and earlier are affected by a hardcoded credential vulnerability. The root cause is a hardcoded password, donotedit, assigned to the VDAD and VDCL user accounts, which could allow remote attackers to gain access. This CVE detail...
CVE-2013-7382
VICIDIAL dialer aka Asterisk GUI client 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access...
Code injection
VICIDIAL dialer aka Asterisk GUI client 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php...
CVE-2013-4468
CVE-2013-4468 concerns VICIDIAL dialer (Asterisk GUI client) where remote authenticated users can execute arbitrary commands via shell metacharacters in the extension parameter of an OriginateVDRelogin action to manager_send.php. Affected versions include 2.7RC1, 2.7, and 2.8-403a and earlier. Th...
SQL injection
Multiple SQL injection vulnerabilities in the agent interface agc/ in VICIDIAL dialer aka Asterisk GUI client 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPTmultirecordingAJAX.php, (2) remote authenticated users to...
CVE-2013-4467
Multiple SQL injection vulnerabilities in the agent interface agc/ in VICIDIAL dialer aka Asterisk GUI client 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPTmultirecordingAJAX.php, (2) remote authenticated users to...