Filtered by vendor Cacti
Subscriptions
Filtered by product Cacti
Subscriptions
Total
128 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-3659 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. | ||||
CVE-2016-3172 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. | ||||
CVE-2016-2313 | 2 Cacti, Opensuse | 3 Cacti, Leap, Opensuse | 2024-11-21 | N/A |
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. | ||||
CVE-2016-10700 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313. | ||||
CVE-2015-8604 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. | ||||
CVE-2015-8377 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. | ||||
CVE-2015-8369 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | ||||
CVE-2015-4634 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. | ||||
CVE-2015-4454 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | N/A |
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. | ||||
CVE-2015-4342 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | N/A |
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. | ||||
CVE-2015-2967 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2015-2665 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2015-0916 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. | ||||
CVE-2014-5262 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2014-5261 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php. | ||||
CVE-2014-5026 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Opensuse | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action. | ||||
CVE-2014-5025 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Opensuse | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action. | ||||
CVE-2014-4002 | 2 Cacti, Opensuse | 2 Cacti, Opensuse | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php. | ||||
CVE-2014-4000 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). | ||||
CVE-2014-2709 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-11-21 | N/A |
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. |