CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-4454 – Debian Security Advisory 3295-1
https://notcve.org/view.php?id=CVE-2015-4454
17 Jun 2015 — SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. Vulnerabilidad de inyección SQL en la función get_hash_graph_template en lib/functions.php en Cacti anterior a 0.8.8d permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro graph_template_id en graph_templates.php. Several vulnerabilities (cross-site s... • http://bugs.cacti.net/view.php?id=2572 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2015-2665 – Debian Security Advisory 3295-1
https://notcve.org/view.php?id=CVE-2015-2665
17 Jun 2015 — Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Cacti anterior a 0.8.8d permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183449.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-4342 – Debian Security Advisory 3295-1
https://notcve.org/view.php?id=CVE-2015-4342
09 Jun 2015 — SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. Vulnerabilidad de inyección SQL en Cacti anterior a 0.8.8d permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados que involucran un id cdef. Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. • http://bugs.cacti.net/view.php?id=2571 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0916
https://notcve.org/view.php?id=CVE-2015-0916
22 May 2015 — SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. Vulnerabilidad de inyección SQL en graph.php en Cacti anterior a 0.8.6f permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro local_graph_id, una vulnerabilidad diferente a CVE-2007-6035. • http://jvn.jp/en/jp/JVN18957556/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 2CVE-2014-5026 – Debian Security Advisory 3007-1
https://notcve.org/view.php?id=CVE-2014-5026
20 Aug 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action. Múltiples vulnerabilidades de XSS en Cacti 0.8.8b permiten a usuarios remotos autenticados con acce... • http://bugs.cacti.net/view.php?id=2456 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 0CVE-2014-5261 – Debian Security Advisory 3007-1
https://notcve.org/view.php?id=CVE-2014-5261
20 Aug 2014 — The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php. La secuencia de comandos de configuraciones gráficas (graph_settings.php) en Cacti 0.8.8b y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en un tamaño de fuente, relacionado con la línea de comando rrdtool en lib/rrd.php. Multiple s... • http://seclists.org/oss-sec/2014/q3/351 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-5262 – Debian Security Advisory 3007-1
https://notcve.org/view.php?id=CVE-2014-5262
20 Aug 2014 — SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la secuencia de comandos de configuraciones gráficas (graph_settings.php) en Cacti 0.8.8b y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. Multiple security issues (cross-site scripting, missing input sanitising and SQL inj... • http://seclists.org/oss-sec/2014/q3/351 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 2CVE-2014-5025 – Debian Security Advisory 3007-1
https://notcve.org/view.php?id=CVE-2014-5025
20 Aug 2014 — Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action. Vulnerabilidad de XSS en data_sources.php en Cacti 0.8.8b permite a usuarios remotos autenticados con acceso a la consola inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro name_cache en una acción ds_edit. Multiple security issues (cross-site scripting, missing in... • http://bugs.cacti.net/view.php?id=2456 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-4002 – Debian Security Advisory 2970-1
https://notcve.org/view.php?id=CVE-2014-4002
30 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php. Múltiples vulñnerabilidades de XSS en Cacti 0.8.8b permiten a at... • http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 0CVE-2014-2709 – Debian Security Advisory 2970-1
https://notcve.org/view.php?id=CVE-2014-2709
23 Apr 2014 — lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. lib/rrd.php en Cacti 0.8.7g, 0.8.8b y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en parámetros no especificados. Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool. • http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html •