Page 14 of 94 results (0.037 seconds)

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php. La secuencia de comandos de configuraciones gráficas (graph_settings.php) en Cacti 0.8.8b y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en un tamaño de fuente, relacionado con la línea de comando rrdtool en lib/rrd.php. • http://seclists.org/oss-sec/2014/q3/351 http://seclists.org/oss-sec/2014/q3/386 http://svn.cacti.net/viewvc?view=rev&revision=7454 http://www.debian.org/security/2014/dsa-3007 http://www.securityfocus.com/bid/69213 https://bugzilla.redhat.com/show_bug.cgi?id=1127165 https://exchange.xforce.ibmcloud.com/vulnerabilities/95292 https://security.gentoo.org/glsa/201607-05 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 0

SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en cacti/host.php en Cacti v0.8.8b y anteriores, permite a atacantes remotos ejecutar comandos SQL a través del parámetro "id". • http://bugs.cacti.net/view.php?id=2383 http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://secunia.com/advisories/54652 http://www.debian.org/security/2013/dsa-2747 http://www.securityfocus.com/bid/62005 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 36EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php. Múltiples vulnerabilidades de cross-site scripting (XSS) en Cacti v0.8.8b y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del (1) parámetro "step" en install/index.php o (2) el parámetro "id" en cacti/host.php. • http://bugs.cacti.net/view.php?id=2383 http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://secunia.com/advisories/54652 http://www.debian.org/security/2013/dsa-2747 http://www.securityfocus.com/bid/62001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0

Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Multiples vulnerabilidades de inyección SQL en (1) api_poller.php y (2) utility.php en Cacti anterior a v0.8.8b permiten a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://forums.cacti.net/viewtopic.php?f=21&t=50593 http://lists.opensuse.org/opensuse-updates/2013-08/msg00053.html http://secunia.com/advisories/54181 http://secunia.com/advisories/54386 http://svn.cacti.net/viewvc?view=rev&revision=7394 http://www.debian.org/security/2012/dsa-2739 http://www.openwall.com/lists/oss-security/2013/08/07/15 http://www.securityfocus.com/bid/61657 http://www.securitytracker.com/id/1028893 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 1%CPEs: 33EXPL: 0

(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. (1) snmp.php y (2) rrd.php en Cacti anterior a v0.8.8b permite a atacantes remotos ejecutar código arbitrario a través de metacaracteres de shell en vectores no especificados. • http://forums.cacti.net/viewtopic.php?f=21&t=50593 http://lists.opensuse.org/opensuse-updates/2013-08/msg00053.html http://secunia.com/advisories/54181 http://secunia.com/advisories/54386 http://svn.cacti.net/viewvc?view=rev&revision=7392 http://svn.cacti.net/viewvc?view=rev&revision=7393 http://www.debian.org/security/2012/dsa-2739 http://www.openwall.com/lists/oss-security/2013/08/07/15 • CWE-94: Improper Control of Generation of Code ('Code Injection') •