CVE-2014-2327
https://notcve.org/view.php?id=CVE-2014-2327
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.
• http://jvn.jp/en/jp/JVN55076671/index.html
• http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002239.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
• http://secunia.com/advisories/59203
• http://www.debian.org/security/2014/dsa-2970
• http://www.securityfocus.com/archive/1/531588
• http://www.securityfocus.com/bid/66392
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768
• https://security.gentoo.org/glsa/201509-03
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2014-2328
https://notcve.org/view.php?id=CVE-2014-2328
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
• http://bugs.cacti.net/view.php?id=2433
• http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
• http://secunia.com/advisories/59203
• http://svn.cacti.net/viewvc?view=rev&revision=7442
• http://www.debian.org/security/2014/dsa-2970
• http://www.securityfocus.com/archive/1/531588
• http://www.securityfocus.com/bid/66387
• http
CVE-2013-5589
https://notcve.org/view.php?id=CVE-2013-5589
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
• http://bugs.cacti.net/view.php?id=2383
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
• http://secunia.com/advisories/54652
• http://www.debian.org/security/2013/dsa-2747
• http://www.securityfocus.com/bid/62005
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-5588
https://notcve.org/view.php?id=CVE-2013-5588
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.
• http://bugs.cacti.net/view.php?id=2383
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
• http://secunia.com/advisories/54652
• http://www.debian.org/security/2013/dsa-2747
• http://www.securityfocus.com/bid/62001
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-1434
https://notcve.org/view.php?id=CVE-2013-1434
Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
• http://forums.cacti.net/viewtopic.php?f=21&t=50593
• http://lists.opensuse.org/opensuse-updates/2013-08/msg00053.html
• http://secunia.com/advisories/54181
• http://secunia.com/advisories/54386
• http://svn.cacti.net/viewvc?view=rev&revision=7394
• http://www.debian.org/security/2012/dsa-2739
• http://www.openwall.com/lists/oss-security/2013/08/07/15
• http://www.securityfocus.com/bid/61657
• http://www.securitytracker.com/id/1028893
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')