Page 17 of 90 results (0.011 seconds)

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0

Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter, different vectors than CVE-2007-3112. Cacti versión 0.8.6i, y posiblemente otras versiones, permite a usuarios remotos autenticados causar una denegación de servicio (consumo de CPU) por medio de un valor largo de un parámetro (1) graph_height o (2) graph_width, vectores diferentes de CVE-2007-3112. • http://bugs.cacti.net/view.php?id=955 http://fedoranews.org/updates/FEDORA-2007-219.shtml http://mdessus.free.fr/?p=15 http://osvdb.org/37019 http://secunia.com/advisories/25557 http://secunia.com/advisories/26872 http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956 http://www.mandriva.com/security/advisories?name=MDKSA-2007:184 https://bugzilla.redhat.com/show_bug.cgi? •

CVSS: 7.8EPSS: 10%CPEs: 1EXPL: 0

graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113. Cacti 0.8.6i y, posiblemente otras versiones, permite a usuarios remotos autenticados provocar una denegación de servicio (agotamiento de CPU) mediante un valor largo en los parámetros (1) graph_start o (2) graph_end. • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0074.html http://bugs.cacti.net/view.php?id=955 http://fedoranews.org/updates/FEDORA-2007-219.shtml http://mdessus.free.fr/?p=15 http://osvdb.org/37019 http://secunia.com/advisories/25557 http://secunia.com/advisories/26872 http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956 http://www.mandriva.com/security/advisories?name=MDKSA-2007:184 https: •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1

SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function. Vulnerabilidad de inyección SQL en Cacti 0.8.6i y anteriores, cuando register_argc_argv está activado, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los argumentos (1) segundo o (2) tercero de cmd.php. NOTA: este problema puede ser aprovechado para ejecutar comandos de su elección puesto que los resultados de la consulta SQL son utilizados posteriormente en el array polling_items y la función popen. • http://secunia.com/advisories/23528 http://secunia.com/advisories/23665 http://secunia.com/advisories/23917 http://secunia.com/advisories/23941 http://security.gentoo.org/glsa/glsa-200701-23.xml http://securitytracker.com/id?1017451 http://www.cacti.net/release_notes_0_8_6j.php http://www.debian.org/security/2007/dsa-1250 http://www.mandriva.com/security/advisories?name=MDKSA-2007:015 http://www.novell.com/linux/security/advisories/2007_07_cacti.html http://www.ope •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0

SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter. • http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000978 http://secunia.com/advisories/15490 http://secunia.com/advisories/15931 http://securitytracker.com/id?1014252 http://www.cacti.net/release_notes_0_8_6e.php http://www.debian.org/security/2005/dsa-764 http://www.gentoo.org/security/en/glsa/glsa-200506-20.xml http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=true http://www.osvdb.org/17424 http://www.securityfocus.com •

CVSS: 5.0EPSS: 2%CPEs: 20EXPL: 2

PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter. • https://www.exploit-db.com/exploits/25927 https://www.exploit-db.com/exploits/25859 http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000978 http://secunia.com/advisories/15490 http://secunia.com/advisories/15931 http://secunia.com/advisories/16136 http://securitytracker.com/id?1014252 http://www.cacti.net/release_notes_0_8_6e.php http://www.debian.org/security/2005/dsa-764 http://www.gentoo.org/security/en/glsa/glsa-200506-20.xml http://www.idefe •