CVE-2016-3659 – Cacti 0.8.8g SQL Injection
https://notcve.org/view.php?id=CVE-2016-3659
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.
• http://bugs.cacti.net/view.php?id=2673
• http://lists.opensuse.org/opensuse-updates/2016-05/msg00074.html
• http://packetstormsecurity.com/files/136547/Cacti-0.8.8g-SQL-Injection.html
• http://seclists.org/fulldisclosure/2016/Apr/4
• http://www.securityfocus.com/bid/85806
• https://security.gentoo.org/glsa/201607-05
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-8604 – Cacti 0.8.8f graphs_new.php SQL Injection
https://notcve.org/view.php?id=CVE-2015-8604
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. Cacti versions 0.8.8f and below suffer from a remote SQL injection vulnerability in graphs_new.php.
• http://bugs.cacti.net/view.php?id=2652
• http://packetstormsecurity.com/files/135191/Cacti-0.8.8f-graphs_new.php-SQL-Injection.html
• http://seclists.org/fulldisclosure/2016/Jan/16
• http://www.debian.org/security/2016/dsa-3494
• http://www.openwall.com/lists/oss-security/2016/01/04/8
• http://www.openwall.com/lists/oss-security/2016/01/04/9
• http://www.securitytracker.com/id/1034573
• https://security.gentoo.org/glsa/201607-05
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-8377
https://notcve.org/view.php?id=CVE-2015-8377
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.
• http://seclists.org/fulldisclosure/2015/Dec/57
• http://www.debian.org/security/2016/dsa-3494
• http://www.securitytracker.com/id/1034498
• https://security.gentoo.org/glsa/201607-05
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-8369 – Cacti 0.8.8f SQL Injection
https://notcve.org/view.php?id=CVE-2015-8369
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. Cacti versions 0.8.8f and below suffer from a remote SQL injection vulnerability.
• http://bugs.cacti.net/view.php?id=2646
• http://packetstormsecurity.com/files/134724/Cacti-0.8.8f-SQL-Injection.html
• http://seclists.org/fulldisclosure/2015/Dec/8
• http://www.debian.org/security/2015/dsa-3423
• http://www.securitytracker.com/id/1034497
• https://security.gentoo.org/glsa/201607-05
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-4634
https://notcve.org/view.php?id=CVE-2015-4634
SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.
• http://bugs.cacti.net/view.php?id=2577
• http://lists.opensuse.org/opensuse-updates/2015-07/msg00052.html
• http://www.cacti.net/release_notes_0_8_8e.php
• http://www.debian.org/security/2015/dsa-3312
• http://www.securitytracker.com/id/1032989
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')