46 matches found
DEBIAN-CVE-2024-31460
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerules.php is not thoroughly checked and is used to concatenate the SQL statement in createallheadernodes function from lib/apiautomation.php , finally resulti...
Cacti 安全漏洞
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A security vulnerability exists in Cacti versions prior to 1.2.27, which...
CVE-2024-29894 Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. raisemessagejavascript from lib/functions.php now uses purify.js to fix CVE-2023-50250...
PT-2024-3806 · Cacti +3 · Cacti +3
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation tree rules.php is not thoroughly checked and is used to...
DLA-3765-1 cacti - security update
Bulletin has no description...
The vulnerability of the sql_save function in the Cacti network monitoring software exists due to insufficient validation of input data, allowing attackers to carry out attacks based on SQL injections.
The vulnerability of the sqlsave function in the Cacti network monitoring software exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to carry out attacks based on SQL injections...
The vulnerability of the graphs_new.php component in the Cacti network monitoring software allows a hacker to perform cross-site scripting attacks.
The vulnerability of the graphsnew.php component in the Cacti network monitoring software is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the auth_changepassword.php component of the Cacti network monitoring software allows a hacker to redirect users to any arbitrary URL address.
The vulnerability of the authchangepassword.php component of the Cacti network monitoring software is related to the use of open redirection. Exploiting this vulnerability allows a malicious actor to redirect a user to an arbitrary URL address...
The vulnerability of the graph_xport.php component of the Cacti network monitoring software allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the graphxport.php component of the Cacti network monitoring software is related to an error in the handling of authentication keys controlled by users. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected...
The vulnerability of the host.php script in the Cacti network monitoring software allows a hacker to perform cross-site scripting attacks.
The vulnerability in the host.php script of the Cacti network monitoring software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the `host_new_graphs_save()` function in the Cacti network monitoring software (graphs_new.php) allows a attacker to execute arbitrary code.
The vulnerability of the hostnewgraphssave function in the Cacti network monitoring software’s script graphsnew.php involves the restoration of unreliable data in memory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using specially...
DSA-5298-1 cacti - security update
Bulletin has no description...
CVE-2020-13230
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account e.g., permission to view logs...
PT-2024-5186
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. An arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having th...
DEBIAN-CVE-2018-10059
Cacti before 1.1.37 has XSS because the getcurrentpage function in lib/functions.php relies on $SERVER'PHPSELF' instead of $SERVER'SCRIPTNAME' to determine a page name...
CVE-2017-12978
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user...
DEBIAN-CVE-2017-1000032
Cross-Site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parentid parameter to tree.php and drpaction parameter to datasources.php...
CVE-2014-5261
The graph settings script graphsettings.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php...
CVE-2013-1434
Multiple SQL injection vulnerabilities in 1 apipoller.php and 2 utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
DEBIAN-CVE-2011-5223
Cross-site request forgery CSRF vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...