Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-34876PUBLISHED: 2022-07-05
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or mak...
CVE-2022-34877PUBLISHED: 2022-07-05
SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavail...
CVE-2022-34878PUBLISHED: 2022-07-05
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and bec...
CVE-2022-34879PUBLISHED: 2022-07-05Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.
CVE-2022-31770PUBLISHED: 2022-07-05IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.
User Rank: Ninja
6/20/2014 | 12:13:04 AM
It's a good lesson. His long battle was unnecessary and sad, but also a deterrent to others who have non-criminal intent, but whose curiosity drives them to commit a crime as a result of it. From my perspective, I can't believe it didn't take a matter of six months to identify Gary as not a threat, or a potential repeat offender, and simply have let him off on parole. Such a sad incident and an example of how we are nowhere near where we need to be in terms of educating the government and the public regarding this cyber world we live in, and how far the government is from writing laws and punishment that fit the cyber crime.