Download
| Alert*
oval:org.secpod.oval:def:1800856
An SQL injection in graphs_new.php via cg_g parameter was found affecting version 0.8.8f and older. Note that this is different from CVE-2015-8377. oval:org.secpod.oval:def:602390 Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database. oval:org.secpod.oval:def:602304 Several SQL injection vulnerabilities have been discovered in Cacti, an RRDTool frontend written in PHP. Specially crafted input can be used by an attacker in the rra_id value of the graph.php script to execute arbitrary SQL commands on the database. oval:org.secpod.oval:def:1800830 SQL injection in graph.php. SQL Injection of Cacti was discovered in graph.php Cacti graphs_new.php SQL Injection Vulnerability. An SQL injection was found in /cacti/graphs_new.php, affected versions 0.8.8f and older. oval:org.secpod.oval:def:1601301 The release notes for Cacti 0.8.7i indicate that two security vulnerabilities were fixed, though no corresponding CVE has been issued. oval:org.secpod.oval:def:1601232 The release notes for Cacti 0.8.7h indicate that two security vulnerabilities were fixed, though no corresponding CVE has been issued. oval:org.secpod.oval:def:106605 cacti is installed oval:org.secpod.oval:def:1800401 cacti is installed oval:org.secpod.oval:def:121071 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:121072 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:1800714 CVE-2017-10970: Cross-site scripting vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. oval:org.secpod.oval:def:2001165 A cross-site scripting vulnerability exists in host.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. oval:org.secpod.oval:def:2001005 A cross-site scripting vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. oval:org.secpod.oval:def:2000993 A cross-site scripting vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. oval:org.secpod.oval:def:2001570 A cross-site scripting vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. oval:org.secpod.oval:def:1600805 include/global_session.php in Cacti 1.1.25 has XSS related to the URI or the refresh page oval:org.secpod.oval:def:69940 Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users. CVE-2019-16723 Authenticated users may bypass authorization checks for viewing a graph by submitting requests with modified local_graph_ ... oval:org.secpod.oval:def:2000826 Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag . oval:org.secpod.oval:def:2000713 Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. oval:org.secpod.oval:def:107161 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:106895 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:106867 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:602167 Multiple SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. oval:org.secpod.oval:def:107168 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:1600382 Various cross-site scripting flaws and various SQL injection flaws were discovered affecting versions of Cacti prior to 0.8.8g. oval:org.secpod.oval:def:1800400 An SQL injection vulnerability was found in cacti-0.8.8.g. Affected Version: 0.8.8.g oval:org.secpod.oval:def:1600409 SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter oval:org.secpod.oval:def:110562 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:1600200 Multiple cross-site scripting vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the drp_action parameter to cdef.php, data_input.php, data_queries.php, data_sources.php, data_templates.php, graph_templates.php, graphs.php, host.php, or host_t ... oval:org.secpod.oval:def:601087 Two security issues were found in Cacti, a web interface for graphing of monitoring systems. oval:org.secpod.oval:def:110556 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:1600153 Cross-site request forgery vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that modify binary files, modify configurations, or add arbitrary users. Cross-site scripting vulnera ... oval:org.secpod.oval:def:601758 Multiple security issues have been discovered in Cacti, a web interface for graphing of monitoring systems. oval:org.secpod.oval:def:105926 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:601701 Multiple security issues have been found in Cacti, a web frontend for RRDTool. oval:org.secpod.oval:def:110465 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:110464 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:105785 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:601095 Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems: CVE-2013-5588 install/index.php and cacti/host.php suffered from Cross-Site Scripting vulnerabilities. CVE-2013-5589 cacti/host.php contained an SQL injection vulnerability, allowing an attacker to exec ... oval:org.secpod.oval:def:1600235 snmp.php and rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. Multiple SQL injection vulnerabilities in api_poller.php and utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL comman ... oval:org.secpod.oval:def:56005 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the website hostname field for devices. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56004 Cacti (32-bit) is installed oval:org.secpod.oval:def:56003 The host is installed with Cacti before 1.2.3 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the view poller cache. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56012 The host is installed with Cacti before 1.0.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle the stripslashes function issue. Successful exploitation could allow attackers to conduct PHP object injection attacks and execute arbi ... oval:org.secpod.oval:def:56011 The host is installed with Cacti before 1.1.37 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle the issue in get_current_page function of lib/functions.php. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56010 The host is installed with Cacti before 1.1.37 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle the issue in sanitize_uri function of lib/functions.php. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56016 The host is installed with Cacti version 1.1.27 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle the issue in remote_agent.php request. Successful exploitation could allow remote authenticated administrators to perform remote code exe ... oval:org.secpod.oval:def:56015 The host is installed with Cacti version 1.1.27 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow remote authenticated administrators to read arbitrary files. oval:org.secpod.oval:def:56014 The host is installed with Cacti version 1.1.27 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle the issue in PATH_INFO to host.php. Successful exploitation could allow attackers to conduct PHP object injection attacks and execute arbi ... oval:org.secpod.oval:def:56013 The host is installed with Cacti before 1.0.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle the issue in auth_login.php component. Successful exploitation allows remote authenticated attackers who use web authentication to bypass intende ... oval:org.secpod.oval:def:56009 The host is installed with Cacti before 1.1.37 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle certain htmlspecialchars issue. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56008 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the name field for a color. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56007 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the website hostname for data collectors. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56006 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the Graph Vertical Label component. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:601333 cacti is installed oval:org.secpod.oval:def:56023 The host is installed with Cacti version 1.1.13 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle the issue in auth_profile.php component. Successful exploitation allows remote attackers to inject arbitrary web script or HTML via specia ... oval:org.secpod.oval:def:56022 The host is installed with Cacti version before 1.1.16 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle the issue in spikekill.php component. Successful exploitation allows remote attackers to execute arbitrary code via the avgnan ... oval:org.secpod.oval:def:56021 The host is installed with Cacti version before 1.1.16 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle the issue in aggregate_graphs.php component. Successful exploitation could allow remote authenticated users to inject arbitrary web ... oval:org.secpod.oval:def:56020 The host is installed with Cacti version 1.1.17 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle the method parameter in spikekill.php. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56025 The host is installed with Cacti version 1.1.12 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle the issue in link.php component. Successful exploitation allows remote authenticated attackers to inject arbitrary web script or HTML via ... oval:org.secpod.oval:def:56024 The host is installed with Cacti version 1.1.12 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle the issue in aggregate_graphs.php component. Successful exploitation allows remote authenticated attackers to inject arbitrary web script ... oval:org.secpod.oval:def:56019 The host is installed with Cacti version before 1.1.18 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle the issue in lib/html.php component. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56018 The host is installed with Cacti version 1.1.25 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle the issue in URI or refresh page. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56017 The host is installed with Cacti version 1.1.27 and is prone to an arbitrary OS command execution vulnerability. A flaw is present in the application, which fails to handle the issue in path_rrdtool parameter in an action=save request. Successful exploitation could allow remote authenticated adminis ... oval:org.secpod.oval:def:1600687 PHP Object Injection Vulnerabilities oval:org.secpod.oval:def:112170 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:112089 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:112614 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:112613 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:1600749 spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. Cross-site scripting vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or ... oval:org.secpod.oval:def:112797 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:112980 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:113016 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:113107 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:1600781 A cross-site scripting vulnerability exists in Cacti in the method parameter in spikekill.php. The lib/html.php script in Cacti has a XSS vulnerability via the title field of an external link added by an authenticated user oval:org.secpod.oval:def:113585 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:113363 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:113364 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:113670 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:113631 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:113474 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:3300785 SUSE Security Update: Security update for cacti, cacti-spine oval:org.secpod.oval:def:3300333 SUSE Security Update: Security update for cacti, cacti-spine oval:org.secpod.oval:def:121883 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:121881 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:600705 Several vulnerabilities have been discovered in cacti, a graphing tool for monitoring data. Multiple cross site scripting issues allow remote attackers to inject arbitrary web script or HTML. An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands. oval:org.secpod.oval:def:120216 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:120215 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:120206 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:88442 Two security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in unauthenticated command injection or LDAP authentication bypass. oval:org.secpod.oval:def:2003994 In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. oval:org.secpod.oval:def:2003995 In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account . oval:org.secpod.oval:def:2003996 Cacti 1.2.8 allows Remote Code Execution via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. oval:org.secpod.oval:def:2003997 Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php . oval:org.secpod.oval:def:95572 The host is installed with Cacti 1.2.25 and is prone to an SQL injection vulnerability. A flaw is present in the application, which fails to properly handle the form_actions() function in the managers.php function. Successful exploitation allows a remote attacker to obtain sensitive information. oval:org.secpod.oval:def:94319 The host is installed with Cacti before 1.2.25 and is prone to a cross-site-scripting vulnerability. A flaw is present in the application, which fails to handle a malicious device name, related to a graph attached to a report. Successful exploitation allows an authenticated attacker to poison data s ... oval:org.secpod.oval:def:1900283 lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. oval:org.secpod.oval:def:1901819 In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string in the View poller cache, leading to XSS. oval:org.secpod.oval:def:90714 Updates available for Cacti. oval:org.secpod.oval:def:3302233 Security update for cacti, cacti-spine oval:org.secpod.oval:def:126306 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:126307 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. |