26 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-48547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...
Cacti Cross-Site Scripting Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, uses RRDtool to draw graphs, and provides data and user management features. A cross-site scripting vulnerability exists in Cacti 0.8.7g and earlier...
[SECURITY] [DLA 386-1] cacti security update
Package : cacti Version : 0.8.7g-1+squeeze9+deb6u14 CVE ID : CVE-2015-8604 It was discovered that there was another SQL injection vulnerability in cacti, a web interface for graphing monitoring systems. For Debian 6 Squeeze, this issue has been fixed in cacti version 0.8.7g-1+squeeze9+deb6u14...
DLA-374-1 cacti - security update
Bulletin has no description...
[SECURITY] [DLA 278-2] cacti regression update
Package : cacti Version : 0.8.7g-1+squeeze8 The last update of cacti in squeeze-lts, version 0.8.7g-1+squeeze7, had two regressions that caused certain output of scripts to not be processed and caused the save button of graphs.php to not save the changes. The regressions have been fixed in...
DLA-278-1 cacti - security update
Bulletin has no description...
[DLA 40-1] cacti security update
Package : cacti Version : 0.8.7g-1+squeeze5 CVE ID : CVE-2014-5025 CVE-2014-5026 CVE-2014-5261 CVE-2014-5262 Debian Bug : 755032 Multiple security issues (cross-site scripting, missing input sanitizing and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring...
cacti security update
Package : cacti Version : 0.8.7g-1+squeeze4 CVE ID : CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 CVE-2014-2708 CVE-2014-2709 CVE-2014-4002 Debian Bug : 742768 743565 752573 Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users...
CVE-2014-2327
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users...
CVE-2014-2328
CVE-2014-2328 affects Cacti 0.8.7g, 0.8.8b and earlier. The flaw in lib/graph_export.php allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors, enabling remote command execution. Multiple connected advisories note remediation by upgrading ...
DEBIAN-CVE-2014-2708
Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter...
CVE-2014-2708
Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter...
SQL injection
Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter...
CVE-2014-2708
Cacti 0.8.7g/0.8.8b and earlier are affected by CVE-2014-2708 due to multiple SQL injection flaws in graph_xport.php. The underlying issue is improper handling of input parameters (graph_start, graph_end, graph_height, graph_width, graph_nolegend, print_source, local_graph_id, rra_id), allowing r...
CVE-2014-2326
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-2326
CVE-2014-2326 is an XSS vulnerability in Cacti, affecting 0.8.7g, 0.8.8b and earlier, via cdef.php (CDEF editing). Exploitation could inject arbitrary script in web context. Remediation per connected docs: upgrade to the patched release (e.g., Cacti 0.8.8d or later; vendors list updates such as 0...
Cacti < 0.8.7g Multiple XSS and HTML Injection Vulnerabilities
According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.7g. It is, therefore, potentially affected by multiple cross-site scripting and HTML injection vulnerabilities. An attacker may be able to exploit these issues to inject...