Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2015-0306
HistoryAug 10, 2015 - 5:31 p.m.

Updated cacti package fixes security vulnerability

2015-08-1017:31:41
Gentoo Foundation
advisories.mageia.org
5

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.0%

JSON

Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (CVE-2015-2665). SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id (CVE-2015-4342). SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php (CVE-2015-4454). SQL injection vulnerability in Cacti before 0.8.8e in graphs.php (CVE-2015-4634). The cacti package has been updated to version 0.8.8e, which fixes this issue, as well as other SQL injection and XSS issues and other bugs

OSVersionArchitecturePackageVersionFilename
Mageia4noarchcacti< 0.8.8f-1cacti-0.8.8f-1.mga4
Mageia5noarchcacti< 0.8.8f-1cacti-0.8.8f-1.mga5

Related

openvas 10
nessus 12
fedora 3
debian 5
osv 4
securityvulns 4
amazon 1
debiancve 4
prion 4
cve 4
ubuntucve 4
freebsd 2
openvas
openvas
Mageia Linux Local Check: mgasa-2015-0306
2015-10-15 00:00:00
Debian Security Advisory DSA 3295-1 (cacti - security update)
2015-06-24 00:00:00
Debian Security Advisory DSA 3295-1 (cacti - security update)
2015-06-24 00:00:00
nessus
nessus
Fedora 24 : cacti-0.8.8g-1.fc24 (2016-852a39e085)
2016-05-09 00:00:00
Debian DLA-255-1 : cacti security update
2015-06-29 00:00:00
Fedora 22 : cacti-0.8.8g-1.fc22 (2016-4a5ce6a6c0)
2016-05-05 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: cacti-0.8.8g-1.fc24
2016-05-07 12:52:51
[SECURITY] Fedora 22 Update: cacti-0.8.8g-1.fc22
2016-05-04 05:51:43
[SECURITY] Fedora 23 Update: cacti-0.8.8g-1.fc23
2016-05-04 05:24:25
debian
debian
[SECURITY] [DSA 3295-1] cacti security update
2015-06-24 18:48:58
[SECURITY] [DSA 3295-1] cacti security update
2015-06-24 18:48:58
[SECURITY] [DLA 255-1] cacti security update
2015-06-27 11:09:41
osv
osv
cacti - security update
2015-06-27 00:00:00
cacti - security update
2015-07-22 00:00:00
cacti - security update
2015-07-20 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3295-1] cacti security update
2015-07-05 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-07-05 00:00:00
[SECURITY] [DSA 3312-1] cacti security update
2015-07-27 00:00:00
amazon
amazon
Medium: cacti
2016-03-24 12:00:00
debiancve
debiancve
CVE-2015-4634
2015-08-11 14:59:00
CVE-2015-4454
2015-06-17 18:59:00
CVE-2015-2665
2015-06-17 18:59:00
prion
prion
Sql injection
2015-06-17 18:59:00
Sql injection
2015-08-11 14:59:00
Sql injection
2015-06-17 18:59:00
cve
cve
CVE-2015-4454
2015-06-17 18:59:00
CVE-2015-4634
2015-08-11 14:59:00
CVE-2015-4342
2015-06-17 18:59:00
ubuntucve
ubuntucve
CVE-2015-4634
2015-08-11 00:00:00
CVE-2015-4454
2015-06-17 00:00:00
CVE-2015-2665
2015-06-17 00:00:00
freebsd
freebsd
cacti -- Multiple XSS and SQL injection vulnerabilities
2015-07-12 00:00:00
cacti -- Multiple XSS and SQL injection vulnerabilities
2015-06-09 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.0%

JSON
Related for MGASA-2015-0306
openvas10nessus12fedora3debian5osv4securityvulns4amazon1debiancve4prion4cve4ubuntucve4freebsd2