CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0916
https://notcve.org/view.php?id=CVE-2015-0916
SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. Vulnerabilidad de inyección SQL en graph.php en Cacti anterior a 0.8.6f permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro local_graph_id, una vulnerabilidad diferente a CVE-2007-6035. • http://jvn.jp/en/jp/JVN18957556/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000064 http://www.cacti.net/release_notes_0_8_6f.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 2CVE-2014-5025
https://notcve.org/view.php?id=CVE-2014-5025
Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action. Vulnerabilidad de XSS en data_sources.php en Cacti 0.8.8b permite a usuarios remotos autenticados con acceso a la consola inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro name_cache en una acción ds_edit. • http://bugs.cacti.net/view.php?id=2456 http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://www.debian.org/security/2014/dsa-3007 http://www.openwall.com/lists/oss-security/2014/07/22/9 http://www.securityfocus.com/bid/68759 https://exchange.xforce.ibmcloud.com/vulnerabilities/94814 https://security.gentoo.org/glsa/201509-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 2CVE-2014-5026
https://notcve.org/view.php?id=CVE-2014-5026
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action. Múltiples vulnerabilidades de XSS en Cacti 0.8.8b permiten a usuarios remotos autenticados con acceso a la consola inyectar secuencias de comandos web o HTML arbitrarios a través de (1) un título de árbol de gráfico en una acción de eliminación o (2) de editar; (3) CDEF Name, (4) Data Input Method Name, o (5) Host Templates Name en una acción de eliminación; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name en una acción de eliminación o (9) duplicar. • http://bugs.cacti.net/view.php?id=2456 http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://seclists.org/oss-sec/2014/q3/244 http://www.debian.org/security/2014/dsa-3007 http://www.openwall.com/lists/oss-security/2014/07/22/9 http://www.securityfocus.com/bid/68759 https://exchange.xforce.ibmcloud.com/vulnerabilities/94816 https://security.gentoo.org/glsa/201509-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2014-5261
https://notcve.org/view.php?id=CVE-2014-5261
The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php. La secuencia de comandos de configuraciones gráficas (graph_settings.php) en Cacti 0.8.8b y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en un tamaño de fuente, relacionado con la línea de comando rrdtool en lib/rrd.php. • http://seclists.org/oss-sec/2014/q3/351 http://seclists.org/oss-sec/2014/q3/386 http://svn.cacti.net/viewvc?view=rev&revision=7454 http://www.debian.org/security/2014/dsa-3007 http://www.securityfocus.com/bid/69213 https://bugzilla.redhat.com/show_bug.cgi?id=1127165 https://exchange.xforce.ibmcloud.com/vulnerabilities/95292 https://security.gentoo.org/glsa/201607-05 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-5262
https://notcve.org/view.php?id=CVE-2014-5262
SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la secuencia de comandos de configuraciones gráficas (graph_settings.php) en Cacti 0.8.8b y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://seclists.org/oss-sec/2014/q3/351 http://seclists.org/oss-sec/2014/q3/386 http://svn.cacti.net/viewvc?view=rev&revision=7454 http://www.debian.org/security/2014/dsa-3007 http://www.securityfocus.com/bid/69213 https://bugzilla.redhat.com/show_bug.cgi?id=1127165 https://exchange.xforce.ibmcloud.com/vulnerabilities/95292 https://security.gentoo.org/glsa/201607-05 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •