NotCVE - vendor:"Cacti" product:"Cacti" version:"

Page 15 of 139 results (0.007 seconds)

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-16661

https://notcve.org/view.php?id=CVE-2017-16661

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd. Cacti 1.1.27 permite que administradores remotos autenticados lean archivos arbitrarios colocando la ruta de acceso a registros en un directorio privado y, a continuación, realizando una petición clog.php?filename=, tal y como demuestra filename=passwd (con una ruta de acceso a registros bajo /etc) para leer /etc/passwd. • https://github.com/Cacti/cacti/issues/1066 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-16641

https://notcve.org/view.php?id=CVE-2017-16641

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. lib/rrd.php en Cacti 1.1.27 permite que administradores remotos autenticados ejecuten comandos de sistema operativo arbitrarios mediante el parámetro path_rrdtool en una petición action=save en settings.php. • https://github.com/Cacti/cacti/issues/1057 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-15194

https://notcve.org/view.php?id=CVE-2017-15194

include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. include/global_session.php en Cacti 1.1.25 tiene XSS relacionado con (1) la URI o (2) la acción refresh page. • http://www.securitytracker.com/id/1039569 https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd https://github.com/Cacti/cacti/issues/1010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12978

https://notcve.org/view.php?id=CVE-2017-12978

lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. lib/html.php en Cacti en versiones anteriores a la 1.1.18 tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) que se puede producir mediante el campo de título de un enlace externo añadido por un usuario autenticado. • http://www.securitytracker.com/id/1039226 https://github.com/Cacti/cacti/blob/develop/docs/CHANGELOG https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24 https://github.com/Cacti/cacti/issues/918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12927

https://notcve.org/view.php?id=CVE-2017-12927

A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Cacti 1.1.17 en el parámetro method en spikekill.php. • http://www.securityfocus.com/bid/100490 http://www.securitytracker.com/id/1039208 https://github.com/Cacti/cacti/commit/a032ce0be6a4ea47862c594e40a619ac8de1ef99 https://github.com/Cacti/cacti/issues/907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...13 14 15 16 17