CVSS: 6.1 • EPSS: 0% • CPEs: 36 • EXPL: 1

29 Aug 2013 — Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php. Multiple c... • http://bugs.cacti.net/view.php?id=2383 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 23 • EXPL: 0

21 Aug 2013 — Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. SQL injection and shell escaping issues were discovered and fixed in Cacti. The updated packages have been upgraded to the 0... • http://forums.cacti.net/viewtopic.php?f=21&t=50593 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 1% • CPEs: 33 • EXPL: 0

21 Aug 2013 — (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. SQL injection and shell escaping issues were discovered and fixed in Cacti. The updated packages have been upgraded to the 0.8.8b version, which is not vulnerable to these issues. • http://forums.cacti.net/viewtopic.php?f=21&t=50593 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 39 • EXPL: 0

25 Oct 2012 — Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. • http://bugs.cacti.net/view.php?id=2062 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 38 • EXPL: 0

15 Dec 2011 — SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter. • http://bugs.cacti.net/view.php?id=2062 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 38 • EXPL: 1

23 Aug 2010 — Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_pre... • http://cacti.net/release_notes_0_8_7g.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 37 • EXPL: 0

23 Aug 2010 — Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template. • http://secunia.com/advisories/41041 • CWE-20: Improper Input Validation

CVSS: 6.1 • EPSS: 3% • CPEs: 38 • EXPL: 2

23 Aug 2010 — Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter. • https://www.exploit-db.com/exploits/34504 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 38 • EXPL: 1

23 Aug 2010 — Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b. • https://www.exploit-db.com/exploits/10234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 37 • EXPL: 0

23 Aug 2010 — Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php. • http://secunia.com/advisories/41041 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')