CVE-2017-11163
https://notcve.org/view.php?id=CVE-2017-11163
10 Jul 2017 — Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. • http://www.securitytracker.com/id/1038908 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-10970
https://notcve.org/view.php?id=CVE-2017-10970
06 Jul 2017 — Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. • http://www.securitytracker.com/id/1038908 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-2313 – Gentoo Linux Security Advisory 201711-10
https://notcve.org/view.php?id=CVE-2016-2313
13 Apr 2016 — auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. Multiple vulnerabilities have been found in Cacti, the worst of which could l... • http://bugs.cacti.net/view.php?id=2656 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-3172
https://notcve.org/view.php?id=CVE-2016-3172
12 Apr 2016 — SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. • http://bugs.cacti.net/view.php?id=2667 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-3659 – Cacti 0.8.8g SQL Injection
https://notcve.org/view.php?id=CVE-2016-3659
05 Apr 2016 — SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. • https://packetstorm.news/files/id/136547 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-8604 – Cacti 0.8.8f graphs_new.php SQL Injection
https://notcve.org/view.php?id=CVE-2015-8604
09 Jan 2016 — SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. Two SQL injection vulnerabilities were discovered... • https://packetstorm.news/files/id/135191 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-8377 – Debian Security Advisory 3494-1
https://notcve.org/view.php?id=CVE-2015-8377
15 Dec 2015 — SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. • http://seclists.org/fulldisclosure/2015/Dec/57 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-8369 – Debian Security Advisory 3423-1
https://notcve.org/view.php?id=CVE-2015-8369
09 Dec 2015 — SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. Several SQL injection vulnerabilities have been discovered in Ca... • https://packetstorm.news/files/id/134724 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-4634 – Debian Security Advisory 3312-1
https://notcve.org/view.php?id=CVE-2015-4634
22 Jul 2015 — SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. Multiple SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. • http://bugs.cacti.net/view.php?id=2577 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-2967 – Gentoo Linux Security Advisory 201509-03
https://notcve.org/view.php?id=CVE-2015-2967
10 Jul 2015 — Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. Versions less than 0.8.8d are affec... • http://jvn.jp/en/jp/JVN78187936/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')