CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 2CVE-2014-5025
https://notcve.org/view.php?id=CVE-2014-5025
Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action. Vulnerabilidad de XSS en data_sources.php en Cacti 0.8.8b permite a usuarios remotos autenticados con acceso a la consola inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro name_cache en una acción ds_edit. • http://bugs.cacti.net/view.php?id=2456 http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://www.debian.org/security/2014/dsa-3007 http://www.openwall.com/lists/oss-security/2014/07/22/9 http://www.securityfocus.com/bid/68759 https://exchange.xforce.ibmcloud.com/vulnerabilities/94814 https://security.gentoo.org/glsa/201509-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 2CVE-2014-5026
https://notcve.org/view.php?id=CVE-2014-5026
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action. Múltiples vulnerabilidades de XSS en Cacti 0.8.8b permiten a usuarios remotos autenticados con acceso a la consola inyectar secuencias de comandos web o HTML arbitrarios a través de (1) un título de árbol de gráfico en una acción de eliminación o (2) de editar; (3) CDEF Name, (4) Data Input Method Name, o (5) Host Templates Name en una acción de eliminación; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name en una acción de eliminación o (9) duplicar. • http://bugs.cacti.net/view.php?id=2456 http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://seclists.org/oss-sec/2014/q3/244 http://www.debian.org/security/2014/dsa-3007 http://www.openwall.com/lists/oss-security/2014/07/22/9 http://www.securityfocus.com/bid/68759 https://exchange.xforce.ibmcloud.com/vulnerabilities/94816 https://security.gentoo.org/glsa/201509-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-4002
https://notcve.org/view.php?id=CVE-2014-4002
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php. Múltiples vulñnerabilidades de XSS en Cacti 0.8.8b permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) drp_action en cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php o (9) host_templates.php o el parámetro (10) graph_template_input_id o (11) graph_template_id en graph_templates_inputs.php. • http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://secunia.com/advisories/59203 http://secunia.com/advisories/59517 http://svn.cacti.net/viewvc?view=rev&revision=7451 http://svn.cacti.net/viewvc?view=rev&revision=7452 http://www.debian.org/security/2014/dsa-2970 http://www.securityfocus.com/bid/68257 https://security.gentoo.org/glsa/201509-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2014-2709
https://notcve.org/view.php?id=CVE-2014-2709
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. lib/rrd.php en Cacti 0.8.7g, 0.8.8b y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en parámetros no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html http://seclists.org/oss-sec/2014/q2/15 http://secunia.com/advisories/57647 http://secunia.com/advisories/59203 http://svn.cacti.net/viewvc?view=rev&revision=7439 http://www.debian.org/security/2014/dsa-2970 http://www.securityfocus.com/bid/66630 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768 https://securit •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2708
https://notcve.org/view.php?id=CVE-2014-2708
Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter. Múltiples vulnerabilidades de inyección SQL en graph_xport.php en Cacti 0.8.7g, 0.8.8b y versiones anteriores permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id o (8) rra_id. • http://bugs.cacti.net/view.php?id=2405 http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html http://seclists.org/oss-sec/2014/q2/15 http://seclists.org/oss-sec/2014/q2/2 http://secunia.com/advisories/57647 http://secunia.com/advisories/59203 http://svn.cacti.net/viewvc?view=rev&revision=7439 http://www.debian.org/security/2014/dsa-2970 http://www.securityfocus. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •