ID OPENVAS:1361412562310100639 Type openvas Reporter This script is Copyright (C) 2010 Greenbone Networks GmbH Modified 2019-03-01T00:00:00
Description
Cacti is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data (the 'rra_id' request parameter) before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit
latent vulnerabilities in the underlying database.
Cacti versions 0.8.7e and prior are vulnerable.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_cacti_40149.nasl 13960 2019-03-01 13:18:27Z cfischer $
#
# Cacti 'rra_id' Parameter SQL Injection Vulnerability
#
# Authors:
# Michael Meyer <michael.meyer@greenbone.net>
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
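# Version-based check for the Cacti 'rra_id' SQL injection (CVE-2010-2092).
# The script sends no test request itself: it reads the Cacti port and version
# looked up via the CPE below and compares the version string.
CPE = "cpe:/a:cacti:cacti";

if (description)
{
  # Metadata block: evaluated when the scanner loads the VT, then exits
  # before any host-specific code runs.
  script_oid("1.3.6.1.4.1.25623.1.0.100639");
  script_version("$Revision: 13960 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-01 14:18:27 +0100 (Fri, 01 Mar 2019) $");
  script_tag(name:"creation_date", value:"2010-05-14 12:04:31 +0200 (Fri, 14 May 2010)");
  script_cve_id("CVE-2010-2092");
  script_bugtraq_id(40149);
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("Cacti 'rra_id' Parameter SQL Injection Vulnerability");

  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40149");
  script_xref(name:"URL", value:"http://cacti.net/");
  script_xref(name:"URL", value:"http://www.php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html");

  # remote_banner: the result rests on the reported version only, not on an
  # observed injection.
  # NOTE(review): distribution packages that backport the fix without changing
  # the upstream version string would still be reported - confirm such hosts
  # with a package-level check before treating the finding as real.
  script_tag(name:"qod_type", value:"remote_banner");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");

  # Runs only after the detection VT, and only when it flagged an installation.
  script_dependencies("cacti_detect.nasl");
  script_mandatory_keys("cacti/installed");

  script_tag(name:"summary", value:"Cacti is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit
latent vulnerabilities in the underlying database.
Cacti versions 0.8.7e and prior are vulnerable.");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

# No Cacti port recorded for this host: nothing to evaluate.
if (!port = get_app_port(cpe: CPE))
  exit(0);

# Without a version string the comparison below cannot be made.
if (!vers = get_app_version(cpe: CPE, port: port))
  exit(0);

# The summary states that 0.8.7e itself is affected, so the comparison must be
# inclusive. A strict "less than 0.8.7e" would leave the newest vulnerable
# release unreported.
if (version_is_less_equal(version: vers, test_version: "0.8.7e")) {
  # 0.8.7e is the last affected release, not a fixed one, so it must not be
  # offered as the upgrade target. The first fixed upstream release is not
  # named in this script; point the reader at the references instead.
  report = report_fixed_ver(installed_version: vers, fixed_version: "See references");
  security_message(port: port, data: report);
  exit(0);
}

exit(0);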
{"id": "OPENVAS:1361412562310100639", "type": "openvas", "bulletinFamily": "scanner", "title": "Cacti 'rra_id' Parameter SQL Injection Vulnerability", "description": "Cacti is prone to an SQL-injection vulnerability because it fails to\nsufficiently sanitize user-supplied data before using it in an SQL query.\n\nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit\nlatent vulnerabilities in the underlying database.\n\nCacti versions 0.8.7e and prior are vulnerable.", "published": "2010-05-14T00:00:00", "modified": "2019-03-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100639", "reporter": "This script is Copyright (C) 2010 Greenbone Networks GmbH", "references": ["http://www.php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html", "http://cacti.net/", "http://www.securityfocus.com/bid/40149"], "cvelist": ["CVE-2010-2092"], "lastseen": "2019-05-29T18:40:09", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-2092"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2060-1:229C7"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2010-2092"]}, {"type": "gentoo", "idList": ["GLSA-201401-20"]}, {"type": "nessus", "idList": ["CACTI_087E.NASL", "DEBIAN_DSA-2060.NASL", "GENTOO_GLSA-201401-20.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:100639", "OPENVAS:1361412562310121117", "OPENVAS:136141256231067631", "OPENVAS:1361412562310830977", "OPENVAS:1361412562310831081", "OPENVAS:67631", "OPENVAS:830977", "OPENVAS:831081"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24080", "SECURITYVULNS:VULN:10937"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-2092"]}]}, "score": {"value": 6.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2010-2092"]}, {"type": "debiancve", "idList": 
["DEBIANCVE:CVE-2010-2092"]}, {"type": "gentoo", "idList": ["GLSA-201401-20"]}, {"type": "nessus", "idList": ["CACTI_DETECT.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:830977"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10937"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-2092"]}]}, "exploitation": null, "vulnersScore": 6.6}, "pluginID": "1361412562310100639", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cacti_40149.nasl 13960 2019-03-01 13:18:27Z cfischer $\n#\n# Cacti 'rra_id' Parameter SQL Injection Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cacti:cacti\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100639\");\n script_version(\"$Revision: 13960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-01 14:18:27 +0100 (Fri, 01 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-14 12:04:31 +0200 (Fri, 14 May 2010)\");\n script_cve_id(\"CVE-2010-2092\");\n script_bugtraq_id(40149);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Cacti 'rra_id' Parameter SQL Injection Vulnerability\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/40149\");\n script_xref(name:\"URL\", value:\"http://cacti.net/\");\n script_xref(name:\"URL\", value:\"http://www.php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"cacti_detect.nasl\");\n script_mandatory_keys(\"cacti/installed\");\n\n script_tag(name:\"summary\", value:\"Cacti is prone to an SQL-injection vulnerability because it fails to\nsufficiently sanitize user-supplied data before using it in an SQL query.\n\nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit\nlatent vulnerabilities in the underlying database.\n\nCacti versions 
0.8.7e and prior are vulnerable.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!vers = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less(version: vers, test_version: \"0.8.7e\")) {\n report = report_fixed_ver(installed_version: vers, fixed_version: \"0.8.7e\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "naslFamily": "Web application abuses", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"openvas": [{"lastseen": "2017-12-14T11:48:27", "description": "Check for the Version of cacti", "cvss3": {}, "published": "2010-06-18T00:00:00", "type": "openvas", "title": "Mandriva Update for cacti MDVSA-2010:117 (cacti)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2092"], "modified": "2017-12-14T00:00:00", "id": "OPENVAS:831081", "href": "http://plugins.openvas.org/nasl.php?oid=831081", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cacti MDVSA-2010:117 (cacti)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered and corrected in cacti:\n\n SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier\n allows remote attackers to execute arbitrary SQL commands via the\n rra_id parameter in a GET request in conjunction with a valid rra_id\n value in a POST request or a cookie, which bypasses the validation\n routine (CVE-2010-2092).\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cacti on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-06/msg00019.php\");\n script_id(831081);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-18 17:26:33 +0200 (Fri, 18 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:117\");\n script_cve_id(\"CVE-2010-2092\");\n script_name(\"Mandriva Update for cacti MDVSA-2010:117 (cacti)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cacti\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cacti\", rpm:\"cacti~0.8.7e~11.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:29", "description": "Check for the Version of flashplayer", "cvss3": {}, "published": "2010-04-16T00:00:00", "type": "openvas", "title": "Mandriva Update for flashplayer MDVA-2010:117 (flashplayer)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2092"], "modified": "2017-12-13T00:00:00", "id": "OPENVAS:830977", "href": "http://plugins.openvas.org/nasl.php?oid=830977", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for flashplayer MDVA-2010:117 (flashplayer)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"flashplayer on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_insight = \"Dependency problems was discovered on Mandriva Linux 2009.0 Powerpack\n x86_64 which prevented the flashplayer and libsmbclient0 packages\n to install smoothly using MandrivaUpdate. This advisory provides the\n missing packages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00010.php\");\n script_id(830977);\n script_version(\"$Revision: 8092 $\");\n script_cve_id(\"CVE-2010-2092\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-16 17:02:11 +0200 (Fri, 16 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:117\");\n script_name(\"Mandriva Update for flashplayer MDVA-2010:117 (flashplayer)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of flashplayer\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"idn\", rpm:\"idn~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcap2\", rpm:\"libcap2~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcap-devel\", rpm:\"libcap-devel~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcap-utils\", rpm:\"libcap-utils~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libidn11\", rpm:\"libidn11~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libidn11-java\", rpm:\"libidn11-java~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libidn11-mono\", rpm:\"libidn11-mono~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libidn-devel\", rpm:\"libidn-devel~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libssh2_1\", rpm:\"libssh2_1~0.18~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libssh2-devel\", rpm:\"libssh2-devel~0.18~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"pam_cap\", rpm:\"pam_cap~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcap\", rpm:\"libcap~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libidn\", rpm:\"libidn~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~0.18~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cap2\", rpm:\"lib64cap2~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cap-devel\", rpm:\"lib64cap-devel~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64idn11\", rpm:\"lib64idn11~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64idn11-java\", rpm:\"lib64idn11-java~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64idn11-mono\", rpm:\"lib64idn11-mono~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64idn-devel\", rpm:\"lib64idn-devel~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ssh2_1\", rpm:\"lib64ssh2_1~0.18~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ssh2-devel\", rpm:\"lib64ssh2-devel~0.18~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # 
Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:10", "description": "Check for the Version of flashplayer", "cvss3": {}, "published": "2010-04-16T00:00:00", "type": "openvas", "title": "Mandriva Update for flashplayer MDVA-2010:117 (flashplayer)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2092"], "modified": "2017-12-25T00:00:00", "id": "OPENVAS:1361412562310830977", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830977", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for flashplayer MDVA-2010:117 (flashplayer)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"flashplayer on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_insight = \"Dependency problems was discovered on Mandriva Linux 2009.0 Powerpack\n x86_64 which prevented the flashplayer and libsmbclient0 packages\n to install smoothly using MandrivaUpdate. 
This advisory provides the\n missing packages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00010.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830977\");\n script_version(\"$Revision: 8244 $\");\n script_cve_id(\"CVE-2010-2092\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 08:29:28 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-16 17:02:11 +0200 (Fri, 16 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:117\");\n script_name(\"Mandriva Update for flashplayer MDVA-2010:117 (flashplayer)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of flashplayer\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"idn\", rpm:\"idn~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcap2\", rpm:\"libcap2~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res 
= isrpmvuln(pkg:\"libcap-devel\", rpm:\"libcap-devel~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcap-utils\", rpm:\"libcap-utils~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libidn11\", rpm:\"libidn11~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libidn11-java\", rpm:\"libidn11-java~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libidn11-mono\", rpm:\"libidn11-mono~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libidn-devel\", rpm:\"libidn-devel~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libssh2_1\", rpm:\"libssh2_1~0.18~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libssh2-devel\", rpm:\"libssh2-devel~0.18~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam_cap\", rpm:\"pam_cap~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcap\", rpm:\"libcap~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libidn\", rpm:\"libidn~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~0.18~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cap2\", 
rpm:\"lib64cap2~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cap-devel\", rpm:\"lib64cap-devel~2.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64idn11\", rpm:\"lib64idn11~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64idn11-java\", rpm:\"lib64idn11-java~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64idn11-mono\", rpm:\"lib64idn11-mono~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64idn-devel\", rpm:\"lib64idn-devel~1.10~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ssh2_1\", rpm:\"lib64ssh2_1~0.18~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ssh2-devel\", rpm:\"lib64ssh2-devel~0.18~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:00", "description": "Cacti is prone to an SQL-injection vulnerability because it fails\nto sufficiently sanitize user-supplied data before using it in an\nSQL query.\n\nExploiting this issue could allow an attacker to compromise the\napplication, access or modify data, or exploit latent vulnerabilities\nin the underlying database.\n\nCacti versions 0.8.7e and prior are vulnerable.", "cvss3": {}, "published": "2010-05-14T00:00:00", "type": "openvas", "title": "Cacti 'rra_id' Parameter SQL 
Injection Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2092"], "modified": "2017-02-10T00:00:00", "id": "OPENVAS:100639", "href": "http://plugins.openvas.org/nasl.php?oid=100639", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cacti_40149.nasl 5263 2017-02-10 13:45:51Z teissa $\n#\n# Cacti 'rra_id' Parameter SQL Injection Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"Cacti is prone to an SQL-injection vulnerability because it fails\nto sufficiently sanitize user-supplied data before using it in an\nSQL query.\n\nExploiting this issue could allow an attacker to compromise the\napplication, access or modify data, or exploit latent vulnerabilities\nin the underlying database.\n\nCacti versions 0.8.7e and prior are vulnerable.\";\n\n\nif (description)\n{\n script_id(100639);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-14 12:04:31 +0200 (Fri, 
14 May 2010)\");\n script_cve_id(\"CVE-2010-2092\");\n script_bugtraq_id(40149);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Cacti 'rra_id' Parameter SQL Injection Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/40149\");\n script_xref(name : \"URL\" , value : \"http://cacti.net/\");\n script_xref(name : \"URL\" , value : \"http://www.php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"cacti_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\n\nif (!can_host_php(port:port)) exit(0);\n\nif(vers = get_version_from_kb(port:port,app:\"cacti\")) {\n\n if(version_is_less(version: vers, test_version: \"0.8.7e\")) {\n security_message(port:port);\n exit(0);\n }\n\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:05:05", "description": "The remote host is missing an update to cacti\nannounced via advisory DSA 2060-1.", "cvss3": {}, "published": "2010-07-06T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2060-1 (cacti)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2092"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:136141256231067631", "href": 
"http://plugins.openvas.org/nasl.php?oid=136141256231067631", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2060_1.nasl 8440 2018-01-17 07:58:46Z teissa $\n# Description: Auto-generated from advisory DSA 2060-1 (cacti)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring\nsystems and services, is not properly validating input passed to the rra_id\nparameter of the graph.php script. 
Due to checking the input of $_REQUEST\nbut using $_GET input in a query an unauthenticated attacker is able to\nperform SQL injections via a crafted rra_id $_GET value and an additional\nvalid rra_id $_POST or $_COOKIE value.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny3.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.7e-4.\n\n\nWe recommend that you upgrade your cacti packages.\";\ntag_summary = \"The remote host is missing an update to cacti\nannounced via advisory DSA 2060-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202060-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67631\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-06 02:35:12 +0200 (Tue, 06 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2092\");\n script_name(\"Debian Security Advisory DSA 2060-1 (cacti)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cacti\", ver:\"0.8.7b-2.1+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:07", "description": "Check for the Version of cacti", "cvss3": {}, "published": "2010-06-18T00:00:00", "type": "openvas", "title": "Mandriva Update for cacti MDVSA-2010:117 (cacti)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2092"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:1361412562310831081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831081", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cacti MDVSA-2010:117 (cacti)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered and corrected in cacti:\n\n SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier\n allows remote attackers to execute arbitrary SQL commands via the\n rra_id parameter in a GET request in conjunction with a valid rra_id\n value in a POST request or a cookie, which bypasses the validation\n routine (CVE-2010-2092).\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cacti on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-06/msg00019.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831081\");\n script_version(\"$Revision: 8250 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 08:29:15 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-18 17:26:33 +0200 (Fri, 18 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:117\");\n script_cve_id(\"CVE-2010-2092\");\n script_name(\"Mandriva Update for cacti MDVSA-2010:117 (cacti)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cacti\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n 
script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cacti\", rpm:\"cacti~0.8.7e~11.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:21", "description": "The remote host is missing an update to cacti\nannounced via advisory DSA 2060-1.", "cvss3": {}, "published": "2010-07-06T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2060-1 (cacti)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2092"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:67631", "href": "http://plugins.openvas.org/nasl.php?oid=67631", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2060_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2060-1 (cacti)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring\nsystems and services, is not properly validating input passed to the rra_id\nparameter of the graph.php script. 
Due to checking the input of $_REQUEST\nbut using $_GET input in a query an unauthenticated attacker is able to\nperform SQL injections via a crafted rra_id $_GET value and an additional\nvalid rra_id $_POST or $_COOKIE value.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny3.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.7e-4.\n\n\nWe recommend that you upgrade your cacti packages.\";\ntag_summary = \"The remote host is missing an update to cacti\nannounced via advisory DSA 2060-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202060-1\";\n\n\nif(description)\n{\n script_id(67631);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-06 02:35:12 +0200 (Tue, 06 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2092\");\n script_name(\"Debian Security Advisory DSA 2060-1 (cacti)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cacti\", ver:\"0.8.7b-2.1+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:12", "description": "Gentoo Linux Local Security Checks GLSA 201401-20", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201401-20", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2544", "CVE-2013-1435", "CVE-2010-2545", "CVE-2010-2543", "CVE-2010-2092", "CVE-2013-1434", "CVE-2010-1645", "CVE-2010-1644"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121117", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121117", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201401-20.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 
2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121117\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:37 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201401-20\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Cacti. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201401-20\");\n script_cve_id(\"CVE-2010-1644\", \"CVE-2010-1645\", \"CVE-2010-2092\", \"CVE-2010-2543\", \"CVE-2010-2544\", \"CVE-2010-2545\", \"CVE-2013-1434\", \"CVE-2013-1435\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201401-20\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-analyzer/cacti\", unaffected: make_list(\"ge 0.8.8b\"), vulnerable: make_list(\"lt 0.8.8b\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:58:42", "description": "SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows\nremote attackers to execute arbitrary SQL commands via a crafted rra_id\nparameter in a GET request in conjunction with a valid rra_id value in a\nPOST request or a cookie, which causes the POST or cookie value to bypass\nthe validation routine, but inserts the $_GET value into the resulting\nquery.", "cvss3": {}, "published": "2010-05-27T00:00:00", "type": "ubuntucve", "title": "CVE-2010-2092", 
"bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2092"], "modified": "2010-05-27T00:00:00", "id": "UB:CVE-2010-2092", "href": "https://ubuntu.com/security/CVE-2010-2092", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T13:03:59", "description": "Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, is not properly validating input passed to the rra_id parameter of the graph.php script. Due to checking the input of $_REQUEST but using $_GET input in a query an unauthenticated attacker is able to perform SQL injections via a crafted rra_id $_GET value and an additional valid rra_id $_POST or $_COOKIE value.", "cvss3": {"score": null, "vector": null}, "published": "2010-06-14T00:00:00", "type": "nessus", "title": "Debian DSA-2060-1 : cacti - insufficient input sanitization", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2092"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:cacti", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2060.NASL", "href": "https://www.tenable.com/plugins/nessus/46875", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2060. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46875);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2092\");\n script_bugtraq_id(40149);\n script_xref(name:\"DSA\", value:\"2060\");\n\n script_name(english:\"Debian DSA-2060-1 : cacti - insufficient input sanitization\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stefan Esser discovered that cacti, a front-end to rrdtool for\nmonitoring systems and services, is not properly validating input\npassed to the rra_id parameter of the graph.php script. Due to\nchecking the input of $_REQUEST but using $_GET input in a query an\nunauthenticated attacker is able to perform SQL injections via a\ncrafted rra_id $_GET value and an additional valid rra_id $_POST or\n$_COOKIE value.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2060\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the cacti packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cacti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"cacti\", reference:\"0.8.7b-2.1+lenny3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:16:14", "description": "According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.7f. It is, therefore, potentially affected by the following vulnerabilities :\n\n - A vulnerability exists in 'templates_export.php' due to improper validation of input to the 'export_item_id' parameter. A remote attacker can exploit this to inject SQL queries to disclose arbitrary data. 
(CVE-2010-1431)\n\n - Cross-site scripting vulnerabilities exist related to the 'host_id' parameter of 'data_sources.php', or the 'hostname' and 'description' parameters of 'host.php', which a remote attacker can exploit to inject arbitrary web script or HTML. (CVE-2010-1644)\n\n - A SQL injection vulnerability in 'graph.php' exists which can be exploited by a remote attacker using specially crafted GET requests to the 'rra_id' parameter which can cause a corresponding POST request or cookie to bypass proper validation. (CVE-2010-2092)", "cvss3": {"score": null, "vector": null}, "published": "2010-05-04T00:00:00", "type": "nessus", "title": "Cacti < 0.8.7f Multiple Input Validation Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1431", "CVE-2010-1644", "CVE-2010-2092"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:cacti:cacti"], "id": "CACTI_087E.NASL", "href": "https://www.tenable.com/plugins/nessus/46222", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46222);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2010-1431\", \"CVE-2010-1644\", \"CVE-2010-2092\");\n script_bugtraq_id(39653, 40149, 40332);\n script_xref(name:\"SECUNIA\", value:\"39570\");\n\n script_name(english:\"Cacti < 0.8.7f Multiple Input Validation Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is running a PHP application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Cacti application\nrunning on the remote web server is prior to version 0.8.7f. 
It is,\ntherefore, potentially affected by the following vulnerabilities :\n\n - A vulnerability exists in 'templates_export.php' due to\n improper validation of input to the 'export_item_id'\n parameter. A remote attacker can exploit this to inject\n SQL queries to disclose arbitrary data. (CVE-2010-1431)\n\n - Cross-site scripting vulnerabilities exist related to\n the 'host_id' parameter of 'data_sources.php', or the\n 'hostname' and 'description' parameters of 'host.php',\n which a remote attacker can exploit to inject arbitrary\n web script or HTML. (CVE-2010-1644)\n\n - A SQL injection vulnerability in 'graph.php' exists\n which can be exploited by a remote attacker using\n specially crafted GET requests to the 'rra_id' parameter\n which can cause a corresponding POST request or cookie\n to bypass proper validation. (CVE-2010-2092)\");\n # http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?39e1a6fb\");\n # http://www.php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49d1a123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/511393/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.cacti.net/release_notes_0_8_7f.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cacti 0.8.7f or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/21\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/04\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cacti:cacti\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cacti_detect.nasl\");\n script_require_keys(\"installed_sw/cacti\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = 'cacti';\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\ninstall = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);\ninstall_url = build_url(qs:install['path'], port:port);\n\n# Versions < 0.8.7f are affected.\nver = split(install['version'], sep:'.', keep:FALSE);\nif (\n (int(ver[0]) == 0) &&\n (\n (int(ver[1]) < 8) ||\n (int(ver[1]) == 8 && ver[2] =~ '^([0-6][a-z]?|7[a-e]?)$')\n )\n)\n{\n set_kb_item(name:'www/'+port+'/SQLInjection', value:TRUE);\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n if (report_verbosity > 0)\n {\n report = '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 0.8.7e' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, \"Cacti\", install_url, install['version']);\n", "cvss": {"score": 7.5, 
"vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:51:31", "description": "The remote host is affected by the vulnerability described in GLSA-201401-20 (Cacti: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could execute arbitrary SQL commands via specially crafted parameters, execute arbitrary shell code or inject malicious script code.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2014-01-22T00:00:00", "type": "nessus", "title": "GLSA-201401-20 : Cacti: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1644", "CVE-2010-1645", "CVE-2010-2092", "CVE-2010-2543", "CVE-2010-2544", "CVE-2010-2545", "CVE-2013-1434", "CVE-2013-1435"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:cacti", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201401-20.NASL", "href": "https://www.tenable.com/plugins/nessus/72075", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201401-20.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72075);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1644\", \"CVE-2010-1645\", \"CVE-2010-2092\", \"CVE-2010-2543\", \"CVE-2010-2544\", \"CVE-2010-2545\", \"CVE-2013-1434\", \"CVE-2013-1435\");\n script_bugtraq_id(37109, 39639, 40149, 40332, 42575, 61657, 61847);\n script_xref(name:\"GLSA\", value:\"201401-20\");\n\n script_name(english:\"GLSA-201401-20 : Cacti: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201401-20\n(Cacti: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Cacti. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could execute arbitrary SQL commands via specially\n crafted parameters, execute arbitrary shell code or inject malicious\n script code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201401-20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Cacti users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/cacti-0.8.8b'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:cacti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/cacti\", unaffected:make_list(\"ge 0.8.8b\"), vulnerable:make_list(\"lt 0.8.8b\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Cacti\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:06:15", "description": "SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.", "cvss3": {}, "published": "2010-05-27T22:30:00", "type": "cve", "title": "CVE-2010-2092", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2092"], "modified": "2012-02-16T04:04:00", "cpe": ["cpe:/a:cacti:cacti:0.8.7d", "cpe:/a:cacti:cacti:0.8.6i", "cpe:/a:cacti:cacti:0.8.6h", "cpe:/a:cacti:cacti:0.8.7e", "cpe:/a:cacti:cacti:0.8.2", "cpe:/a:cacti:cacti:0.8.3a", "cpe:/a:cacti:cacti:0.5", "cpe:/a:cacti:cacti:0.6.1", "cpe:/a:cacti:cacti:0.8.5", "cpe:/a:cacti:cacti:0.8.1", "cpe:/a:cacti:cacti:0.8.6j", "cpe:/a:cacti:cacti:0.6.7", "cpe:/a:cacti:cacti:0.8.6a", "cpe:/a:cacti:cacti:0.8.6g", "cpe:/a:cacti:cacti:0.6.4", "cpe:/a:cacti:cacti:0.8.3", "cpe:/a:cacti:cacti:0.8.7", "cpe:/a:cacti:cacti:0.8.6f", "cpe:/a:cacti:cacti:0.6.5", "cpe:/a:cacti:cacti:0.6.8a", "cpe:/a:cacti:cacti:0.8.6b", "cpe:/a:cacti:cacti:0.8.6d", "cpe:/a:cacti:cacti:0.8.5a", "cpe:/a:cacti:cacti:0.8.7a", "cpe:/a:cacti:cacti:0.8.6", "cpe:/a:cacti:cacti:0.8.4", "cpe:/a:cacti:cacti:0.8.7c", "cpe:/a:cacti:cacti:0.6.6", "cpe:/a:cacti:cacti:0.6", "cpe:/a:cacti:cacti:0.8.2a", "cpe:/a:cacti:cacti:0.8.7b", "cpe:/a:cacti:cacti:0.6.2", "cpe:/a:cacti:cacti:0.8", "cpe:/a:cacti:cacti:0.6.3", "cpe:/a:cacti:cacti:0.8.6c", "cpe:/a:cacti:cacti:0.8.6k", "cpe:/a:cacti:cacti:0.6.8"], "id": "CVE-2010-2092", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2092", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:cacti:cacti:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.6f:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.6j:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.6i:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.7a:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.6a:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:cacti:cacti:0.6.8a:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.3a:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.6c:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.7c:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.2a:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.6g:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.6h:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.7e:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.7b:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.6k:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.5:-:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.6b:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.6d:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.5a:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.8.7d:*:*:*:*:*:*:*", "cpe:2.3:a:cacti:cacti:0.6.6:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2021-06-08T19:07:05", "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2010-06-17T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-2092"], "modified": "2010-06-17T00:00:00", "id": "SECURITYVULNS:VULN:10937", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10937", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:35", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ---------------------------------------------------------------------------\r\nDebian Security 
Advisory DSA-2060-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nJune 13th, 2010 http://www.debian.org/security/faq\r\n- ---------------------------------------------------------------------------\r\n\r\nPackage : cacti\r\nVulnerability : insufficient input sanitization\r\nProblem type : remote\r\nDebian-specific: no\r\nDebian bug : 582691\r\nCVE ID : CVE-2010-2092\r\n\r\nStefan Esser discovered that cacti, a front-end to rrdtool for monitoring\r\nsystems and services, is not properly validating input passed to the rra_id\r\nparameter of the graph.php script. Due to checking the input of $_REQUEST\r\nbut using $_GET input in a query an unauthenticated attacker is able to\r\nperform SQL injections via a crafted rra_id $_GET value and an additional\r\nvalid rra_id $_POST or $_COOKIE value.\r\n\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 0.8.7b-2.1+lenny3.\r\n\r\nFor the testing distribution (squeeze), this problem will be fixed soon.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 0.8.7e-4.\r\n\r\n\r\nWe recommend that you upgrade your cacti packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n 
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny3.dsc\r\n Size/MD5 checksum: 1117 bd9650c8f8a8cd1ab9bcf9385516948f\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny3.diff.gz\r\n Size/MD5 checksum: 37818 5a336fe8cf710c833521544c121827d2\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b.orig.tar.gz\r\n Size/MD5 checksum: 1972444 aa8a740a6ab88e3634b546c3e1bc502f\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny3_all.deb\r\n Size/MD5 checksum: 1855976 a7f99b878d484cb6efaab85357b53b66\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAkwU+NYACgkQHYflSXNkfP+jBgCggIKGf/tX0g2M2zf0aXizh7gR\r\nV7EAmwRVYu2tWL+5pzJCNj219Vu5QvaD\r\n=6jQZ\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2010-06-17T00:00:00", "title": "[SECURITY] [DSA 2060-1] New cacti packages fix SQL injection", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-2092"], "modified": "2010-06-17T00:00:00", "id": "SECURITYVULNS:DOC:24080", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24080", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debiancve": [{"lastseen": "2022-04-25T07:30:38", "description": "SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands 
via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.", "cvss3": {}, "published": "2010-05-27T22:30:00", "type": "debiancve", "title": "CVE-2010-2092", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2092"], "modified": "2010-05-27T22:30:00", "id": "DEBIANCVE:CVE-2010-2092", "href": "https://security-tracker.debian.org/tracker/CVE-2010-2092", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T00:33:57", "description": "- ---------------------------------------------------------------------------\nDebian Security Advisory DSA-2060-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nJune 13th, 2010 http://www.debian.org/security/faq\n- ---------------------------------------------------------------------------\n\nPackage : cacti\nVulnerability : insufficient input sanitization\nProblem type : remote\nDebian-specific: no\nDebian bug : 582691\nCVE ID : CVE-2010-2092\n\nStefan Esser discovered that cacti, a front-end to rrdtool for monitoring\nsystems and services, is not properly validating input passed to the rra_id\nparameter of the graph.php script. 
Due to checking the input of $_REQUEST\nbut using $_GET input in a query an unauthenticated attacker is able to\nperform SQL injections via a crafted rra_id $_GET value and an additional\nvalid rra_id $_POST or $_COOKIE value.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny3.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.7e-4.\n\n\nWe recommend that you upgrade your cacti packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny3.dsc\n Size/MD5 checksum: 1117 bd9650c8f8a8cd1ab9bcf9385516948f\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny3.diff.gz\n Size/MD5 checksum: 37818 5a336fe8cf710c833521544c121827d2\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b.orig.tar.gz\n Size/MD5 checksum: 1972444 aa8a740a6ab88e3634b546c3e1bc502f\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny3_all.deb\n Size/MD5 checksum: 1855976 a7f99b878d484cb6efaab85357b53b66\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- 
---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2010-06-13T15:27:18", "type": "debian", "title": "[SECURITY] [DSA 2060-1] New cacti packages fix SQL injection", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2092"], "modified": "2010-06-13T15:27:18", "id": "DEBIAN:DSA-2060-1:229C7", "href": "https://lists.debian.org/debian-security-announce/2010/msg00103.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:09:26", "description": "### Background\n\nCacti is a complete network graphing solution designed to harness the power of RRDTool\u2019s data storage and graphing functionality. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could execute arbitrary SQL commands via specially crafted parameters, execute arbitrary shell code or inject malicious script code. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Cacti users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/cacti-0.8.8b\"", "cvss3": {}, "published": "2014-01-21T00:00:00", "type": "gentoo", "title": "Cacti: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1644", "CVE-2010-1645", "CVE-2010-2092", "CVE-2010-2543", "CVE-2010-2544", "CVE-2010-2545", "CVE-2013-1434", "CVE-2013-1435"], "modified": "2014-01-21T00:00:00", "id": "GLSA-201401-20", "href": "https://security.gentoo.org/glsa/201401-20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}