NotCVE - vendor:"Cacti" product:"Cacti" version:" <= 1.2.6"

Page 23 of 121 results (0.005 seconds)

CVSS: 7.5EPSS: 7%CPEs: 8EXPL: 6

CVE-2006-0146 – Simplog 0.9.2 - 's' Remote Command Execution

https://notcve.org/view.php?id=CVE-2006-0146

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter. • https://www.exploit-db.com/exploits/1663 http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html http://secunia.com/advisories/17418 http://secunia.com/advisories/18233 http://secunia.com/advisories/18254 http://secunia.com/advisories/18260 http://secunia.com/advisories/18267 http://secunia.com/advisories/18276 http://secunia.com/advisories/18720 http://secunia.com/advisories/19555 http://secunia.com/advisories/19563 http://secunia.com/advisories/19590 http://secunia. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 3%CPEs: 15EXPL: 0

CVE-2005-2148

https://notcve.org/view.php?id=CVE-2005-2148

Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php. • http://secunia.com/advisories/15490 http://securitytracker.com/id?1014361 http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1 http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch http://www.debian.org/security/2005/dsa-764 http://www.hardened-php.net/advisory-032005.php http://www.hardened-php.net/advisory-042005.php http://www.securityfocus.com/archive/1/404047/30/30/threaded http://www.secu •

CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0

CVE-2005-2149

https://notcve.org/view.php?id=CVE-2005-2149

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks. • http://securitytracker.com/id?1014361 http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1 http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch http://www.debian.org/security/2005/dsa-764 http://www.hardened-php.net/advisory-052005.php http://www.securityfocus.com/archive/1/404040 http://www.securityfocus.com/bid/14130 http://www.vupen.com/english/advisories/2005/0951 •

CVSS: 5.0EPSS: 2%CPEs: 20EXPL: 2

CVE-2005-1524 – RaXnet Cacti 0.5/0.6.x/0.8.x - 'Graph_Image.php' Remote Command Execution Variant

https://notcve.org/view.php?id=CVE-2005-1524

PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter. • https://www.exploit-db.com/exploits/25927 https://www.exploit-db.com/exploits/25859 http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000978 http://secunia.com/advisories/15490 http://secunia.com/advisories/15931 http://secunia.com/advisories/16136 http://securitytracker.com/id?1014252 http://www.cacti.net/release_notes_0_8_6e.php http://www.debian.org/security/2005/dsa-764 http://www.gentoo.org/security/en/glsa/glsa-200506-20.xml http://www.idefe •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0

CVE-2005-1525

https://notcve.org/view.php?id=CVE-2005-1525

SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter. • http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000978 http://secunia.com/advisories/15490 http://secunia.com/advisories/15931 http://securitytracker.com/id?1014252 http://www.cacti.net/release_notes_0_8_6e.php http://www.debian.org/security/2005/dsa-764 http://www.gentoo.org/security/en/glsa/glsa-200506-20.xml http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=true http://www.osvdb.org/17424 http://www.securityfocus.com •

1...21 22 23 24 25