NotCVE - vendor:"Cacti" product:"Cacti" version:"

Page 16 of 143 results (0.005 seconds)

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-16641

https://notcve.org/view.php?id=CVE-2017-16641

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. lib/rrd.php en Cacti 1.1.27 permite que administradores remotos autenticados ejecuten comandos de sistema operativo arbitrarios mediante el parámetro path_rrdtool en una petición action=save en settings.php. • https://github.com/Cacti/cacti/issues/1057 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-15194

https://notcve.org/view.php?id=CVE-2017-15194

include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. include/global_session.php en Cacti 1.1.25 tiene XSS relacionado con (1) la URI o (2) la acción refresh page. • http://www.securitytracker.com/id/1039569 https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd https://github.com/Cacti/cacti/issues/1010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12978

https://notcve.org/view.php?id=CVE-2017-12978

lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. lib/html.php en Cacti en versiones anteriores a la 1.1.18 tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) que se puede producir mediante el campo de título de un enlace externo añadido por un usuario autenticado. • http://www.securitytracker.com/id/1039226 https://github.com/Cacti/cacti/blob/develop/docs/CHANGELOG https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24 https://github.com/Cacti/cacti/issues/918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12927

https://notcve.org/view.php?id=CVE-2017-12927

A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Cacti 1.1.17 en el parámetro method en spikekill.php. • http://www.securityfocus.com/bid/100490 http://www.securitytracker.com/id/1039208 https://github.com/Cacti/cacti/commit/a032ce0be6a4ea47862c594e40a619ac8de1ef99 https://github.com/Cacti/cacti/issues/907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12066

https://notcve.org/view.php?id=CVE-2017-12066

Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en aggregate_graphs.php en Cacti en versiones anteriores a la 1.1.16 permite que los usuarios remotos autenticados inyecten scripts web arbitrarios o HTML mediante cabeceras de referenciadores HTTP especialmente creadas en relación con la variable $cancel_url. NOTA: esta vulnerabilidad existe porque hay una parche incompleto (falta el flag htmlspecialchars ENT_QUOTES) para CVE-2017-11163. • https://cacti.net/release_notes.php?version=1.1.16 https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e https://github.com/Cacti/cacti/issues/877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...14 15 16 17 18