CVE-2015-8604 – Cacti 0.8.8f graphs_new.php SQL Injection
https://notcve.org/view.php?id=CVE-2015-8604
09 Jan 2016 — SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. Two SQL injection vulnerabilities were discovered... • https://packetstorm.news/files/id/135191 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-8377 – Debian Security Advisory 3494-1
https://notcve.org/view.php?id=CVE-2015-8377
15 Dec 2015 — SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. • http://seclists.org/fulldisclosure/2015/Dec/57 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-8369 – Debian Security Advisory 3423-1
https://notcve.org/view.php?id=CVE-2015-8369
09 Dec 2015 — SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. Several SQL injection vulnerabilities have been discovered in Ca... • https://packetstorm.news/files/id/134724 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-4634 – Debian Security Advisory 3312-1
https://notcve.org/view.php?id=CVE-2015-4634
22 Jul 2015 — SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. Multiple SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. • http://bugs.cacti.net/view.php?id=2577 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-2967 – Gentoo Linux Security Advisory 201509-03
https://notcve.org/view.php?id=CVE-2015-2967
10 Jul 2015 — Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. Versions less than 0.8.8d are affec... • http://jvn.jp/en/jp/JVN78187936/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-4454 – Debian Security Advisory 3295-1
https://notcve.org/view.php?id=CVE-2015-4454
17 Jun 2015 — SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. Several vulnerabilities (cross-site s... • http://bugs.cacti.net/view.php?id=2572 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-2665 – Debian Security Advisory 3295-1
https://notcve.org/view.php?id=CVE-2015-2665
17 Jun 2015 — Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183449.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-4342 – Debian Security Advisory 3295-1
https://notcve.org/view.php?id=CVE-2015-4342
09 Jun 2015 — SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. • http://bugs.cacti.net/view.php?id=2571 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-0916
https://notcve.org/view.php?id=CVE-2015-0916
22 May 2015 — SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. • http://jvn.jp/en/jp/JVN18957556/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-5026 – Debian Security Advisory 3007-1
https://notcve.org/view.php?id=CVE-2014-5026
20 Aug 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action. • http://bugs.cacti.net/view.php?id=2456 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')