Lucene search
+L

46 matches found

OSV
OSV
added 2024/05/14 3:25 p.m.2 views

DEBIAN-CVE-2024-31460

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerules.php is not thoroughly checked and is used to concatenate the SQL statement in createallheadernodes function from lib/apiautomation.php , finally resulti...

8.8CVSS9.6AI score0.01791EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.5 views

Cacti 安全漏洞

Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A security vulnerability exists in Cacti versions prior to 1.2.27, which...

8CVSS9.9AI score0.02677EPSS
Exploits1References5
OSV
OSV
added 2024/05/13 2:24 p.m.21 views

CVE-2024-29894 Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. raisemessagejavascript from lib/functions.php now uses purify.js to fix CVE-2023-50250...

5.4CVSS7.2AI score0.00897EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.5 views

PT-2024-3806 · Cacti +3 · Cacti +3

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation tree rules.php is not thoroughly checked and is used to...

9.8CVSS7.3AI score0.99826EPSS
Exploits132References199
OSV
OSV
added 2024/03/18 12:0 a.m.37 views

DLA-3765-1 cacti - security update

Bulletin has no description...

9.8CVSS6.6AI score0.87688EPSS
Exploits22
BDU FSTEC
BDU FSTEC
added 2023/09/26 12:0 a.m.7 views

The vulnerability of the sql_save function in the Cacti network monitoring software exists due to insufficient validation of input data, allowing attackers to carry out attacks based on SQL injections.

The vulnerability of the sqlsave function in the Cacti network monitoring software exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to carry out attacks based on SQL injections...

9CVSS7.7AI score0.01541EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/26 12:0 a.m.6 views

The vulnerability of the graphs_new.php component in the Cacti network monitoring software allows a hacker to perform cross-site scripting attacks.

The vulnerability of the graphsnew.php component in the Cacti network monitoring software is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

10CVSS6AI score0.00631EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/26 12:0 a.m.8 views

The vulnerability of the auth_changepassword.php component of the Cacti network monitoring software allows a hacker to redirect users to any arbitrary URL address.

The vulnerability of the authchangepassword.php component of the Cacti network monitoring software is related to the use of open redirection. Exploiting this vulnerability allows a malicious actor to redirect a user to an arbitrary URL address...

5.5CVSS6AI score0.00628EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/26 12:0 a.m.9 views

The vulnerability of the graph_xport.php component of the Cacti network monitoring software allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the graphxport.php component of the Cacti network monitoring software is related to an error in the handling of authentication keys controlled by users. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected...

7.8CVSS7.5AI score0.00735EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/12 12:0 a.m.6 views

The vulnerability of the host.php script in the Cacti network monitoring software allows a hacker to perform cross-site scripting attacks.

The vulnerability in the host.php script of the Cacti network monitoring software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

8.5CVSS6.6AI score0.00769EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/12 12:0 a.m.9 views

The vulnerability of the `host_new_graphs_save()` function in the Cacti network monitoring software (graphs_new.php) allows a attacker to execute arbitrary code.

The vulnerability of the hostnewgraphssave function in the Cacti network monitoring software’s script graphsnew.php involves the restoration of unreliable data in memory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using specially...

4.3CVSS7.3AI score0.02569EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/12/09 12:0 a.m.59 views

DSA-5298-1 cacti - security update

Bulletin has no description...

9.8CVSS9.8AI score0.99826EPSS
Exploits48
OSV
OSV
added 2020/05/20 2:15 p.m.29 views

CVE-2020-13230

In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account e.g., permission to view logs...

4.3CVSS6.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2020/03/15 12:0 a.m.7 views

PT-2024-5186

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. An arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having th...

9.1CVSS8.3AI score0.86303EPSS
Exploits26References76
OSV
OSV
added 2018/04/12 4:29 p.m.3 views

DEBIAN-CVE-2018-10059

Cacti before 1.1.37 has XSS because the getcurrentpage function in lib/functions.php relies on $SERVER'PHPSELF' instead of $SERVER'SCRIPTNAME' to determine a page name...

5.4CVSS6.3AI score0.01156EPSS
Exploits1References1
OSV
OSV
added 2017/08/21 7:29 a.m.15 views

CVE-2017-12978

lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user...

5.4CVSS5.5AI score
Exploits0References4
OSV
OSV
added 2017/07/17 1:18 p.m.3 views

DEBIAN-CVE-2017-1000032

Cross-Site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parentid parameter to tree.php and drpaction parameter to datasources.php...

6.1CVSS6.2AI score0.00887EPSS
Exploits0References1
OSV
OSV
added 2014/08/22 2:55 p.m.11 views

CVE-2014-5261

The graph settings script graphsettings.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php...

7.3AI score
Exploits0References8
OSV
OSV
added 2013/08/23 4:55 p.m.8 views

CVE-2013-1434

Multiple SQL injection vulnerabilities in 1 apipoller.php and 2 utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors...

8.3AI score
Exploits0References10
OSV
OSV
added 2012/10/25 5:55 p.m.6 views

DEBIAN-CVE-2011-5223

Cross-site request forgery CSRF vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

4.3CVSS7AI score0.02122EPSS
Exploits0References1
Rows per page
Query Builder