GOautodial version 4.0 suffers from a remote shell upload vulnerability.
1dc47bb67a41c4ba34d498a30ea9daae
GOautodial version 4.0 suffers from a persistent cross site scripting vulnerability.
c0faaceff10622303d0fa8266c2a1025
GOautodial version 4.0 suffers from a persistent cross site scripting vulnerability in the CreateEvent flow.
06e513908ec4cf29eb4b367076db6e10
This Metasploit module exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database. Command injection will be performed with root privileges. The default pre-packaged ISO builds are available from goautodial.org. Currently, the hardcoded command injection payload is an encoded reverse-tcp bash one-liner and the handler should be setup to receive it appropriately.
06c8713656083241fef0e30117e4a409
GoAutoDial CE version 3.3 remote command execution and SQL injection vulnerabilities.
279d64c86761a7358d8a98e2c88084e0
GoAutoDial versions 3.3-1406088000 and below suffer from arbitrary file upload, command injection, and remote SQL injection vulnerabilities.
5452a3f1b2d82caabaf2a75df9e270b5