CVE-2008-0786
https://notcve.org/view.php?id=CVE-2008-0786
CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
• http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
• http://secunia.com/advisories/28872
• http://secunia.com/advisories/28976
• http://secunia.com/advisories/29242
• http://secunia.com/advisories/29274
• http://security.gentoo.org/glsa/glsa-200803-18.xml
• http://securityreason.com/securityalert/3657
• http://www.cacti.net/release_notes_0_8_7b.php
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:052
• http://www.securityfocus.com/archive/1/488013/100/0/thr
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2007-6035
https://notcve.org/view.php?id=CVE-2007-6035
SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.
• http://bugs.gentoo.org/show_bug.cgi?id=199509
• http://secunia.com/advisories/27719
• http://secunia.com/advisories/27745
• http://secunia.com/advisories/27756
• http://secunia.com/advisories/27891
• http://secunia.com/advisories/27950
• http://security.gentoo.org/glsa/glsa-200712-02.xml
• http://www.cacti.net/release_notes_0_8_7a.php
• http://www.debian.org/security/2007/dsa-1418
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:231
• http://www.novell.com/linux/secur
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')