Page 12 of 144 results (0.015 seconds)

CVSS: 9.3EPSS: 91%CPEs: 8EXPL: 10

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. El archivo graph_realtime.php en Cacti versión 1.2.8, permite a atacantes remotos ejecutar comandos arbitrarios de Sistema Operativo por medio de metacaracteres de shell en una cookie, si un usuario invitado posee el privilegio graph real-time. graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie if a guest user has the graph real-time privilege. • https://www.exploit-db.com/exploits/48145 https://www.exploit-db.com/exploits/48144 https://github.com/mhaskar/CVE-2020-8813 https://github.com/p0dalirius/CVE-2020-8813-Cacti-RCE-in-graph_realtime https://github.com/hexcowboy/CVE-2020-8813 https://github.com/0xm4ud/Cacti-CVE-2020-8813 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html http://packetstormsecurity.com/files/156537/Cacti- • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 1

Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. Cacti versión 1.2.8, permite una ejecución de código remota (por parte de usuarios privilegiados) por medio de metacaracteres de shell en el campo Performance Boost Debug Log del archivo poller_automation.php. Los comandos del Sistema Operativo son ejecutados cuando un nuevo ciclo de sondeo comienza. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://ctrsec.io/index.php/2020/01/25/cve-2020-7237-remote-code-execution-in-cacti-rrdtool https://github.com/Cacti/cacti/issues/3201 https://lists.fedoraproject.org/archives/list/package-announce%40li • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 10%CPEs: 1EXPL: 0

Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. Cacti versiones hasta 1.2.7, está afectado por una vulnerabilidad de inyección SQL de graphs.php?template_id= afectando la forma en que son manejados los identificadores de plantilla cuando una cadena y un valor compuesto de id son usados para identificar el tipo de plantilla y la identificación. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374 https://github.com/Cacti/cacti/issues/3025 https://security.gentoo.org/glsa/202003-40 https://www.darkmatter.ae/xen1thlabs • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 1%CPEs: 12EXPL: 1

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). Cacti versión 1.2.8, tiene un vulnerabilidad de tipo XSS almacenado en los archivos data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, y user_group_admin.php, como es demostrado por el parámetro description en el archivo data_sources.php (una cadena sin procesar desde la base de datos que se despliega con $header para activar un ataque de tipo XSS). • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00032.html https://github.com/Cacti/cacti/issues/3191 https://lists.debian.org/debian-lts-announce/2020/01/msg00014.html https://lists • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm. ** EN DISPUTA** el archivo data_input.php en Cacti versión 1.2.8, permite una ejecución de código remota por medio de una Cadena de Entrada diseñada en Data Collection-) Data Input Methods -) Unix -) Ping Host. NOTA: el vendedor ha declarado "Esto es una falsa alarma". • https://github.com/Cacti/cacti/issues/3186 • CWE-20: Improper Input Validation •