
CVE-2015-2967 – Gentoo Linux Security Advisory 201509-03
https://notcve.org/view.php?id=CVE-2015-2967
10 Jul 2015 — Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. Versions less than 0.8.8d are affec... • http://jvn.jp/en/jp/JVN78187936/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-4454 – Debian Security Advisory 3295-1
https://notcve.org/view.php?id=CVE-2015-4454
17 Jun 2015 — SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. Several vulnerabilities (cross-site s... • http://bugs.cacti.net/view.php?id=2572 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2015-2665 – Debian Security Advisory 3295-1
https://notcve.org/view.php?id=CVE-2015-2665
17 Jun 2015 — Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183449.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-4342 – Debian Security Advisory 3295-1
https://notcve.org/view.php?id=CVE-2015-4342
09 Jun 2015 — SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. • http://bugs.cacti.net/view.php?id=2571 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2015-0916
https://notcve.org/view.php?id=CVE-2015-0916
22 May 2015 — SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. • http://jvn.jp/en/jp/JVN18957556/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-5261 – Debian Security Advisory 3007-1
https://notcve.org/view.php?id=CVE-2014-5261
20 Aug 2014 — The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php. Multiple s... • http://seclists.org/oss-sec/2014/q3/351 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2014-5025 – Debian Security Advisory 3007-1
https://notcve.org/view.php?id=CVE-2014-5025
20 Aug 2014 — Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action. Multiple security issues (cross-site scripting, missing in... • http://bugs.cacti.net/view.php?id=2456 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-5026 – Debian Security Advisory 3007-1
https://notcve.org/view.php?id=CVE-2014-5026
20 Aug 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action. • http://bugs.cacti.net/view.php?id=2456 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-5262 – Debian Security Advisory 3007-1
https://notcve.org/view.php?id=CVE-2014-5262
20 Aug 2014 — SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Multiple security issues (cross-site scripting, missing input sanitising and SQL inj... • http://seclists.org/oss-sec/2014/q3/351 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-4002 – Debian Security Advisory 2970-1
https://notcve.org/view.php?id=CVE-2014-4002
30 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php. • http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')