Download
| Alert*
oval:org.secpod.oval:def:602390
Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database. oval:org.secpod.oval:def:602304 Several SQL injection vulnerabilities have been discovered in Cacti, an RRDTool frontend written in PHP. Specially crafted input can be used by an attacker in the rra_id value of the graph.php script to execute arbitrary SQL commands on the database. oval:org.secpod.oval:def:1800830 SQL injection in graph.php. SQL Injection of Cacti was discovered in graph.php Cacti graphs_new.php SQL Injection Vulnerability. An SQL injection was found in /cacti/graphs_new.php, affected versions 0.8.8f and older. oval:org.secpod.oval:def:1800856 An SQL injection in graphs_new.php via cg_g parameter was found affecting version 0.8.8f and older. Note that this is different from CVE-2015-8377. oval:org.secpod.oval:def:2001165 A cross-site scripting vulnerability exists in host.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. oval:org.secpod.oval:def:2001005 A cross-site scripting vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. oval:org.secpod.oval:def:2000993 A cross-site scripting vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. oval:org.secpod.oval:def:2001570 A cross-site scripting vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. oval:org.secpod.oval:def:1600382 Various cross-site scripting flaws and various SQL injection flaws were discovered affecting versions of Cacti prior to 0.8.8g. oval:org.secpod.oval:def:56012 The host is installed with Cacti before 1.0.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle the stripslashes function issue. Successful exploitation could allow attackers to conduct PHP object injection attacks and execute arbi ... oval:org.secpod.oval:def:56013 The host is installed with Cacti before 1.0.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle the issue in auth_login.php component. Successful exploitation allows remote authenticated attackers who use web authentication to bypass intende ... oval:org.secpod.oval:def:56008 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the name field for a color. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56007 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the website hostname for data collectors. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56006 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the Graph Vertical Label component. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56005 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the website hostname field for devices. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56003 The host is installed with Cacti before 1.2.3 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the view poller cache. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:1901819 In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string in the View poller cache, leading to XSS. |