Page 25 of 143 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 1

SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter. Vulnerabilidad de inyección SQL en templates_export.php en Cacti v0.8.7e y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro export_item_id. • https://www.exploit-db.com/exploits/12338 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://seclists.org/fulldisclosure/2010/Apr/272 http://secunia.com/advisories/39568 http://secunia.com/advisories/39572 http://secunia.com/advisories/41041 http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch http://www.debian.org/security/2010/dsa-2039 http://www.exploit-d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.0EPSS: 5%CPEs: 16EXPL: 3

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands. Cacti v0.8.7e y anteriores permite a administradores remotos autenticados obtener privilegios modificando el "Data Input Method" (método de entrada de datos) para la opción "Linux - Get Memory Usage" (Linux - obtener utilización de la memoria) para contener comandos de su elección. • https://www.exploit-db.com/exploits/33377 http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html http://www.openwall.com/lists/oss-security/2009/11/26/1 http://www.openwall.com&#x • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 2%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php. Múltiples vulnerabilidades de XSS en Cacti 0.8.7e permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores relacionados con (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php y (4) lib/timespan_settings.php, como es demostrado por los parámetros (a) graph_end o (b) graph_start a graph.php; (c) el parámetro date1 en una acción tree a graph_view.php; y los parámetros (d) page_refresh y (e) default_dual_pane_width a graph_settings.php. Cacti versions 0.8.7e and below suffer from cross site scripting and privilege escalation vulnerabilities. • https://www.exploit-db.com/exploits/33374 https://www.exploit-db.com/exploits/10234 http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html http://bugs.gentoo.org/show_bug.cgi?id=294573 http://docs.cacti.net/#cross-site_scripting_fixes http://jvn.jp/en/jp/JVN09758120/index.html http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003901.html http://secunia.com/advisories/37481 http://secunia.com/advisories/37934 http://secunia.com/advisories/38087 http: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 2%CPEs: 16EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en Cacti versión 0.8.7 anterior a 0.8.7b y versión 0.8.6 anterior a 0.8.6k, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de (1) el parámetro view_type en el archivo graph.php; (2) el parámetro filter en el archivo graph_view.php; (3) el parámetro action en la función draw_navigation_text en el archivo lib/functions.php, accesible por medio del archivo index.php (también conocido como la página de inicio de sesión) o el archivo data_input.php; o (4) el parámetro login_username en el archivo index.php. • https://www.exploit-db.com/exploits/31158 https://www.exploit-db.com/exploits/31157 http://bugs.cacti.net/view.php?id=1245 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/28872 http://secunia.com/advisories/28976 http://secunia.com/advisories/29242 http://secunia.com/advisories/29274 http://secunia.com/advisories/30045 http://security.gentoo.org/glsa/glsa-200803-18.xml http://securityreason.com/securityalert/3657 http&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 1%CPEs: 16EXPL: 1

graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors. Graph.php en Cacti 0.8.7 anterior a 0.8.7b y 0.8.6 anterior a 0.8.6k, permite a atacantes remotos obtener la ruta completa a través de un parámetro local_graph_id inválido y otros vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/28872 http://secunia.com/advisories/28976 http://secunia.com/advisories/29242 http://secunia.com/advisories/29274 http://security.gentoo.org/glsa/glsa-200803-18.xml http://securityreason.com/securityalert/3657 http://www.cacti.net/release_notes_0_8_7b.php http://www.mandriva.com/security/advisories?name=MDVSA-2008:052 http://www.securityfocus.com/archive/1/488013/100/0/thr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •