46 matches found
CVE-2010-2543
Cross-site scripting XSS vulnerability in include/topgraphheader.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graphstart parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b...
CVE-2010-1431
SQL injection vulnerability in templatesexport.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the exportitemid parameter...
CVE-2009-4112
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...
CVE-2007-3112
graphimage.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service CPU consumption via a large value of the 1 graphstart or 2 graphend parameter, different vectors than CVE-2007-3113...
CVE-2004-1736
Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to 1 auth.php, 2 authlogin.php, 3 authchangepassword.php, and possibly other php files, which reveal the installation path in a PHP error message...
DEBIAN-CVE-2004-1737
SQL injection vulnerability in authlogin.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the 1 username or 2 password parameters...