
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Apr 2014 — Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter. • http://bugs.cacti.net/view.php?id=2405 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

25 Mar 2014 — lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a w... • http://bugs.cacti.net/view.php?id=2433

CVSS: 8.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

25 Mar 2014 — Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users. • http://jvn.jp/en/jp/JVN55076671/index.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 6 • EXPL: 1

25 Mar 2014 — Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been fou... • http://bugs.cacti.net/view.php?id=2431 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 37 • EXPL: 0

29 Aug 2013 — SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Multiple cross-site scripting vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via the id parameter to cacti/host.php. SQL injection vulnerab... • http://bugs.cacti.net/view.php?id=2383 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 36 • EXPL: 1

29 Aug 2013 — Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php. Multiple c... • http://bugs.cacti.net/view.php?id=2383 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 23 • EXPL: 0

21 Aug 2013 — Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. SQL injection and shell escaping issues were discovered and fixed in Cacti. The updated packages have been upgraded to the 0... • http://forums.cacti.net/viewtopic.php?f=21&t=50593 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 1% • CPEs: 33 • EXPL: 0

21 Aug 2013 — (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. SQL injection and shell escaping issues were discovered and fixed in Cacti. The updated packages have been upgraded to the 0.8.8b version which is not vulnerable to these issues. • http://forums.cacti.net/viewtopic.php?f=21&t=50593 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 39 • EXPL: 0

25 Oct 2012 — Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. • http://bugs.cacti.net/view.php?id=2062 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 38 • EXPL: 0

15 Dec 2011 — SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter. • http://bugs.cacti.net/view.php?id=2062 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')