
CVSS: 9.8 • EPSS: 1% • CPEs: 13 • EXPL: 0

20 Aug 2014 — The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php. Multiple s... • http://seclists.org/oss-sec/2014/q3/351 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 13 • EXPL: 0

20 Aug 2014 — SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Multiple security issues (cross-site scripting, missing input sanitising and SQL inj... • http://seclists.org/oss-sec/2014/q3/351 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 4 • EXPL: 2

20 Aug 2014 — Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action. Multiple security issues (cross-site scripting, missing in... • http://bugs.cacti.net/view.php?id=2456 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

30 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php. • http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 2% • CPEs: 4 • EXPL: 0

23 Apr 2014 — lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool. • http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Apr 2014 — Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter. • http://bugs.cacti.net/view.php?id=2405 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

25 Mar 2014 — lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a w... • http://bugs.cacti.net/view.php?id=2433

CVSS: 8.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

25 Mar 2014 — Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users. • http://jvn.jp/en/jp/JVN55076671/index.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 6 • EXPL: 1

25 Mar 2014 — Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been fou... • http://bugs.cacti.net/view.php?id=2431 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 37 • EXPL: 0

29 Aug 2013 — SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Multiple cross-site scripting vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via the id parameter to cacti/host.php. SQL injection vulnerab... • http://bugs.cacti.net/view.php?id=2383 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')