Page 18 of 125 results (0.012 seconds)

CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. lib/rrd.php en Cacti 0.8.7g, 0.8.8b y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en parámetros no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html http://seclists.org/oss-sec/2014/q2/15 http://secunia.com/advisories/57647 http://secunia.com/advisories/59203 http://svn.cacti.net/viewvc?view=rev&revision=7439 http://www.debian.org/security/2014/dsa-2970 http://www.securityfocus.com/bid/66630 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768 https://securit •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter. Múltiples vulnerabilidades de inyección SQL en graph_xport.php en Cacti 0.8.7g, 0.8.8b y versiones anteriores permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id o (8) rra_id. • http://bugs.cacti.net/view.php?id=2405 http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html http://seclists.org/oss-sec/2014/q2/15 http://seclists.org/oss-sec/2014/q2/2 http://secunia.com/advisories/57647 http://secunia.com/advisories/59203 http://svn.cacti.net/viewvc?view=rev&revision=7439 http://www.debian.org/security/2014/dsa-2970 http://www.securityfocus. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users. Vulnerabilidad de CSRF en Cacti 0.8.7g, 0.8.8b y anteriores permite a atacantes remotos secuestrar la autenticación de usuarios para comandos no especificados, tal y como fue demostrado por solicitudes que (1)modifican archivos binarios, (2) modifican configuraciones o (3) añaden usuarios arbitrarios. • http://jvn.jp/en/jp/JVN55076671/index.html http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002239.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://secunia.com/advisories/59203 http://www.debian.org/security/2014/dsa-2970 http://www.securityfocus.com/archive/1/531588 http://www.securityfocus.com/bid/66392 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768 https://security.gentoo.org/glsa/201509-03 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en cdef.php en Cacti 0.8.7g, 0.8.8b y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://bugs.cacti.net/view.php?id=2431 http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-A-20140324-001.html http://secunia.com/advisories/57647 http://secunia.com/advisories/59203 http://svn.cacti.net/viewvc?view=rev&revision=7443 http:// • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. lib/graph_export.php en Cacti 0.8.7g, 0.8.8b y anteriores permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres de shell en vectores no especificados. • http://bugs.cacti.net/view.php?id=2433 http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://secunia.com/advisories/59203 http://svn.cacti.net/viewvc?view=rev&revision=7442 http://www.debian.org/security/2014/dsa-2970 http://www.securityfocus.com/archive/1/531588 http://www.securityfocus.com/bid/66387 http •