Lucene search
GoogleOSV:DSA-1250-1HistoryJan 17, 2007 - 12:00 a.m.
cacti
2007-01-1700:00:00
Google
osv.dev
4
0.018 Low
EPSS
Percentile
88.3%
It was discovered that cacti, a frontend to rrdtool, performs insufficient
validation of data passed to the cmd script, which allows SQL
injection and the execution of arbitrary shell commands.
For the stable distribution (sarge) this problem has been fixed in
version 0.8.6c-7sarge4.
For the upcoming stable distribution (etch) this problem has been
fixed in version 0.8.6i-3.
For the unstable distribution (sid) this problem has been fixed in
version 0.8.6i-3.
We recommend that you upgrade your cacti package.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cacti | eq | 0.8.6c-7sarge3 | |
| cacti | eq | 0.8.6c-7sarge2 | |
| cacti | eq | 0.8.6c-7 |
References
Related
gentoo
gentoo
Cacti: Command execution and SQL injection
2007-01-26 00:00:00
openvas
openvas
SuSE Update for cacti SUSE-SA:2007:007
2009-01-28 00:00:00
Debian: Security Advisory (DSA-1250-1)
2008-01-17 00:00:00
FreeBSD Ports: cacti
2008-09-04 00:00:00
cvelist
cvelist
CVE-2006-6799
2006-12-28 21:00:00
suse
suse
remote code execution in cacti
2007-01-12 16:16:25
nessus
nessus
SUSE-SA:2007:007: cacti
2007-02-18 00:00:00
Debian DSA-1250-1 : cacti - missing input sanitising
2007-01-26 00:00:00
GLSA-200701-23 : Cacti: Command execution and SQL injection
2007-02-09 00:00:00
debian
debian
[SECURITY] [DSA 1250-1] New cacti packages fix arbitrary code execution
2007-01-17 18:24:39
nvd
nvd
CVE-2006-6799
2006-12-28 21:28:00
debiancve
debiancve
CVE-2006-6799
2006-12-28 21:28:00
cve
cve
CVE-2006-6799
2006-12-28 21:28:00
ubuntucve
ubuntucve
CVE-2006-6799
2006-12-28 00:00:00
securityvulns
securityvulns