Download
| Alert*
|
oval:org.secpod.oval:def:2001165
A cross-site scripting vulnerability exists in host.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. oval:org.secpod.oval:def:2001005 A cross-site scripting vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. oval:org.secpod.oval:def:2000993 A cross-site scripting vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. oval:org.secpod.oval:def:2001570 A cross-site scripting vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. oval:org.secpod.oval:def:106895 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:107161 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:1600382 Various cross-site scripting flaws and various SQL injection flaws were discovered affecting versions of Cacti prior to 0.8.8g. oval:org.secpod.oval:def:106867 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:107168 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:601701 Multiple security issues have been found in Cacti, a web frontend for RRDTool. oval:org.secpod.oval:def:56012 The host is installed with Cacti before 1.0.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle the stripslashes function issue. Successful exploitation could allow attackers to conduct PHP object injection attacks and execute arbi ... oval:org.secpod.oval:def:1600200 Multiple cross-site scripting vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the drp_action parameter to cdef.php, data_input.php, data_queries.php, data_sources.php, data_templates.php, graph_templates.php, graphs.php, host.php, or host_t ... oval:org.secpod.oval:def:56013 The host is installed with Cacti before 1.0.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle the issue in auth_login.php component. Successful exploitation allows remote authenticated attackers who use web authentication to bypass intende ... oval:org.secpod.oval:def:56008 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the name field for a color. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56007 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the website hostname for data collectors. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56006 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the Graph Vertical Label component. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:1600153 Cross-site request forgery vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that modify binary files, modify configurations, or add arbitrary users. Cross-site scripting vulnera ... oval:org.secpod.oval:def:56005 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the website hostname field for devices. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:601758 Multiple security issues have been discovered in Cacti, a web interface for graphing of monitoring systems. oval:org.secpod.oval:def:56003 The host is installed with Cacti before 1.2.3 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the view poller cache. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:105926 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:601095 Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems: CVE-2013-5588 install/index.php and cacti/host.php suffered from Cross-Site Scripting vulnerabilities. CVE-2013-5589 cacti/host.php contained an SQL injection vulnerability, allowing an attacker to exec ... oval:org.secpod.oval:def:1901819 In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string in the View poller cache, leading to XSS. |
