oval:org.secpod.oval:def:2001165 A cross-site scripting vulnerability exists in host.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

oval:org.secpod.oval:def:2001005 A cross-site scripting vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.

oval:org.secpod.oval:def:2000993 A cross-site scripting vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

oval:org.secpod.oval:def:2001570 A cross-site scripting vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.

oval:org.secpod.oval:def:1600382 Various cross-site scripting flaws and various SQL injection flaws were discovered affecting versions of Cacti prior to 0.8.8g.

oval:org.secpod.oval:def:106867 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ...

oval:org.secpod.oval:def:107168 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ...

oval:org.secpod.oval:def:56012 The host is installed with Cacti before 1.0.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle the stripslashes function issue. Successful exploitation could allow attackers to conduct PHP object injection attacks and execute arbi ...

oval:org.secpod.oval:def:56013 The host is installed with Cacti before 1.0.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle the issue in the auth_login.php component. Successful exploitation allows remote authenticated attackers who use web authentication to bypass intende ...

oval:org.secpod.oval:def:56008 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle an issue in the name field for a color. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:56007 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle an issue in the website hostname for data collectors. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:56006 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle an issue in the Graph Vertical Label component. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:601087 Two security issues were found in Cacti, a web interface for graphing of monitoring systems.

oval:org.secpod.oval:def:1600235 snmp.php and rrd.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. Multiple SQL injection vulnerabilities in api_poller.php and utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL comman ...

oval:org.secpod.oval:def:56005 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle an issue in the website hostname field for devices. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:601758 Multiple security issues have been discovered in Cacti, a web interface for graphing of monitoring systems.

oval:org.secpod.oval:def:56003 The host is installed with Cacti before 1.2.3 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle an issue in the view poller cache. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:105926 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ...

oval:org.secpod.oval:def:105785 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ...

oval:org.secpod.oval:def:601095 Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems: CVE-2013-5588: install/index.php and cacti/host.php suffered from Cross-Site Scripting vulnerabilities. CVE-2013-5589: cacti/host.php contained an SQL injection vulnerability, allowing an attacker to exec ...

oval:org.secpod.oval:def:1901819 In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string in the View poller cache, leading to XSS.