CVE-2010-2545 – cacti: XSS via various object names or descriptions
https://notcve.org/view.php?id=CVE-2010-2545
23 Aug 2010 — Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_pre... • http://cacti.net/release_notes_0_8_7g.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-1645 – cacti: multiple command injection flaws (BONSAI-2010-0105)
https://notcve.org/view.php?id=CVE-2010-1645
23 Aug 2010 — Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template. • http://secunia.com/advisories/41041 • CWE-20: Improper Input Validation
CVE-2010-2544 – Cacti 0.8.7 (RedHat High Performance Computing [HPC]) - 'utilities.php?Filter' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-2544
23 Aug 2010 — Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter. • https://www.exploit-db.com/exploits/34504 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2543 – Cacti 0.8.7e - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2543
23 Aug 2010 — Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b. • https://www.exploit-db.com/exploits/10234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-1644 – cacti: XSS issues in host.php and data_sources.php (VUPEN/ADV-2010-1203)
https://notcve.org/view.php?id=CVE-2010-1644
23 Aug 2010 — Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php. • http://secunia.com/advisories/41041 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2092 – cacti: graph.php rra_id SQL injection vulnerability (MOPS-2010-023)
https://notcve.org/view.php?id=CVE-2010-2092
27 May 2010 — SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query. • http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1431 – Cacti 0.8.7e - SQL Injection
https://notcve.org/view.php?id=CVE-2010-1431
04 May 2010 — SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter. • https://www.exploit-db.com/exploits/12338 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4112 – Joomla! Component ProofReader 1.0 RC9 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-4112
30 Nov 2009 — Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands. • https://www.exploit-db.com/exploits/33377 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-4032 – Cacti 0.8.x - 'graph.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4032
27 Nov 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php. • https://www.exploit-db.com/exploits/33374 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-0785 – Cacti 0.8.7 - '/index.php/sql.php?Login Action login_username' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0785
14 Feb 2008 — Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login. • https://www.exploit-db.com/exploits/31161 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')