CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2008-0786
https://notcve.org/view.php?id=CVE-2008-0786
CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en Cacti 0.8.7 anterior a 0.8.7b y 0.8.6 anterior a 0.8.6k, cuando se ejecuta en intérpretes PHP antiguos, permite a atacantes remotos inyectar cabeceras HTTP de su elección y llevar a cabo ataques de división de respuesta HTTP a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/28872 http://secunia.com/advisories/28976 http://secunia.com/advisories/29242 http://secunia.com/advisories/29274 http://security.gentoo.org/glsa/glsa-200803-18.xml http://securityreason.com/securityalert/3657 http://www.cacti.net/release_notes_0_8_7b.php http://www.mandriva.com/security/advisories?name=MDVSA-2008:052 http://www.securityfocus.com/archive/1/488013/100/0/thr • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-6035
https://notcve.org/view.php?id=CVE-2007-6035
SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. Una vulnerabilidad de inyección SQL en el archivo graph.php en Cacti versiones anteriores a 0.8.7a, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro local_graph_id. • http://bugs.gentoo.org/show_bug.cgi?id=199509 http://secunia.com/advisories/27719 http://secunia.com/advisories/27745 http://secunia.com/advisories/27756 http://secunia.com/advisories/27891 http://secunia.com/advisories/27950 http://security.gentoo.org/glsa/glsa-200712-02.xml http://www.cacti.net/release_notes_0_8_7a.php http://www.debian.org/security/2007/dsa-1418 http://www.mandriva.com/security/advisories?name=MDKSA-2007:231 http://www.novell.com/linux/secur • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 10%CPEs: 1EXPL: 0CVE-2007-3112
https://notcve.org/view.php?id=CVE-2007-3112
graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113. Cacti 0.8.6i y, posiblemente otras versiones, permite a usuarios remotos autenticados provocar una denegación de servicio (agotamiento de CPU) mediante un valor largo en los parámetros (1) graph_start o (2) graph_end. • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0074.html http://bugs.cacti.net/view.php?id=955 http://fedoranews.org/updates/FEDORA-2007-219.shtml http://mdessus.free.fr/?p=15 http://osvdb.org/37019 http://secunia.com/advisories/25557 http://secunia.com/advisories/26872 http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956 http://www.mandriva.com/security/advisories?name=MDKSA-2007:184 https: •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3113
https://notcve.org/view.php?id=CVE-2007-3113
Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter, different vectors than CVE-2007-3112. Cacti versión 0.8.6i, y posiblemente otras versiones, permite a usuarios remotos autenticados causar una denegación de servicio (consumo de CPU) por medio de un valor largo de un parámetro (1) graph_height o (2) graph_width, vectores diferentes de CVE-2007-3112. • http://bugs.cacti.net/view.php?id=955 http://fedoranews.org/updates/FEDORA-2007-219.shtml http://mdessus.free.fr/?p=15 http://osvdb.org/37019 http://secunia.com/advisories/25557 http://secunia.com/advisories/26872 http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956 http://www.mandriva.com/security/advisories?name=MDKSA-2007:184 https://bugzilla.redhat.com/show_bug.cgi? •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2006-6799
https://notcve.org/view.php?id=CVE-2006-6799
SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function. Vulnerabilidad de inyección SQL en Cacti 0.8.6i y anteriores, cuando register_argc_argv está activado, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los argumentos (1) segundo o (2) tercero de cmd.php. NOTA: este problema puede ser aprovechado para ejecutar comandos de su elección puesto que los resultados de la consulta SQL son utilizados posteriormente en el array polling_items y la función popen. • http://secunia.com/advisories/23528 http://secunia.com/advisories/23665 http://secunia.com/advisories/23917 http://secunia.com/advisories/23941 http://security.gentoo.org/glsa/glsa-200701-23.xml http://securitytracker.com/id?1017451 http://www.cacti.net/release_notes_0_8_6j.php http://www.debian.org/security/2007/dsa-1250 http://www.mandriva.com/security/advisories?name=MDKSA-2007:015 http://www.novell.com/linux/security/advisories/2007_07_cacti.html http://www.ope •