Download
| Alert*
oval:org.secpod.oval:def:61567
The host is installed with Cacti 1.2.8 and is prone to an OS command injection vulnerability. A flaw is present in the application, which fails to handle graph_realtime.php. Successful exploitation could allow attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a gues ... oval:org.secpod.oval:def:117899 Spine is a supplemental poller for Cacti that makes use of pthreads to achieve excellent performance. oval:org.secpod.oval:def:117898 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:1801981 Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to tr ... |