Page 23 of 123 results (0.010 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function. Vulnerabilidad de inyección SQL en Cacti 0.8.6i y anteriores, cuando register_argc_argv está activado, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los argumentos (1) segundo o (2) tercero de cmd.php. NOTA: este problema puede ser aprovechado para ejecutar comandos de su elección puesto que los resultados de la consulta SQL son utilizados posteriormente en el array polling_items y la función popen. • http://secunia.com/advisories/23528 http://secunia.com/advisories/23665 http://secunia.com/advisories/23917 http://secunia.com/advisories/23941 http://security.gentoo.org/glsa/glsa-200701-23.xml http://securitytracker.com/id?1017451 http://www.cacti.net/release_notes_0_8_6j.php http://www.debian.org/security/2007/dsa-1250 http://www.mandriva.com/security/advisories?name=MDKSA-2007:015 http://www.novell.com/linux/security/advisories/2007_07_cacti.html http://www.ope •

CVSS: 7.5EPSS: 7%CPEs: 8EXPL: 6

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter. • https://www.exploit-db.com/exploits/1663 http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html http://secunia.com/advisories/17418 http://secunia.com/advisories/18233 http://secunia.com/advisories/18254 http://secunia.com/advisories/18260 http://secunia.com/advisories/18267 http://secunia.com/advisories/18276 http://secunia.com/advisories/18720 http://secunia.com/advisories/19555 http://secunia.com/advisories/19563 http://secunia.com/advisories/19590 http://secunia. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 5

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo. • https://www.exploit-db.com/exploits/1663 http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html http://retrogod.altervista.org/simplog_092_incl_xpl.html http://secunia.com/advisories/17418 http://secunia.com/advisories/18233 http://secunia.com/advisories/18254 http://secunia.com/advisories/18260 http://secunia.com/advisories/18267 http://secunia.com/advisories/18276 http://secunia.com/advisories/19555 http://secunia.com/advisories/19590 http://secunia.com/advisories/19591& •

CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks. • http://securitytracker.com/id?1014361 http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1 http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch http://www.debian.org/security/2005/dsa-764 http://www.hardened-php.net/advisory-052005.php http://www.securityfocus.com/archive/1/404040 http://www.securityfocus.com/bid/14130 http://www.vupen.com/english/advisories/2005/0951 •

CVSS: 7.5EPSS: 3%CPEs: 15EXPL: 0

Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php. • http://secunia.com/advisories/15490 http://securitytracker.com/id?1014361 http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1 http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch http://www.debian.org/security/2005/dsa-764 http://www.hardened-php.net/advisory-032005.php http://www.hardened-php.net/advisory-042005.php http://www.securityfocus.com/archive/1/404047/30/30/threaded http://www.secu •