Download
| Alert*
oval:org.secpod.oval:def:1800714
CVE-2017-10970: Cross-site scripting vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. oval:org.secpod.oval:def:56022 The host is installed with Cacti version before 1.1.16 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle the issue in spikekill.php component. Successful exploitation allows remote attackers to execute arbitrary code via the avgnan ... oval:org.secpod.oval:def:1600749 spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. Cross-site scripting vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or ... oval:org.secpod.oval:def:112980 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:113016 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. |