8 matches found
VICIdial 2.14-917 Remote Command Execution
VICIdial version 2.14-917 proof of concept remote command execution exploit that takes advantage of a flaw originally found in 2024. ============================================================================================================================================= | Title : VICIdial v...
Metasploit Weekly Wrap-Up 10/04/2024
New module content 3 cups-browsed Information Disclosure Authors: bcoles and evilsocket Type: Auxiliary Pull request: 19510 contributed by bcoles Path: scanner/misc/cupsbrowsedinfodisclosure Description: Adds scanner module to retrieve CUPS version and kernel version information from cups-browsed...
VICIdial Authenticated Remote Code Execution
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. Module Options msf use...
Exploit for CVE-2024-8504
⚡️ Exploit for CVE-2024-8504 & CVE-2024-8503: SQLi and RCE ⚡️...
VICIdial 2.14-917a Remote Code Execution Vulnerability
An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. Title: VICIdial Authenticated Remo...
VICIdial 2.14-917a Remote Code Execution
KL-001-2024-012: VICIdial Authenticated Remote Code Execution Title: VICIdial Authenticated Remote Code Execution Advisory ID: KL-001-2024-012 Publication Date: 2024-09-10 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-012.txt 1. Vulnerability Details Affected Vendor:...
CVE-2024-8504
creationtimestamp| type| source ---|---|--- 2024-09-10 22:37:05+00:00| seen| https://t.me/cvedetector/5298 2024-09-14 06:31:55+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8527 2024-09-15 08:46:36+00:00| seen| https://t.me/proxybar/2264 2024-09-15 09:25:24+00:00|...
VICIdial Authenticated Remote Code Execution
Vulnerability Details Affected Vendor: VICIdial Affected Product: VICIdial Affected Version: 2.14-917a Platform: GNU/Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' CVE ID: CVE-2024-8504 2. Vulnerability Description An...