UBUNTU-CVE-2014-5026

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...

CVE-2014-5026

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...

Cacti <= 0.8.7e - OS Command Injection

The vulnerability can be triggered by any user doing: 1 Edit or Create a Device with FQDN ‘NotARealIPAddress;CMD;’ without single quotes and Save it. Edit the Device again and reload any data query already created. CMD will be executed with Web Server rights. 2 Edit or Create a Graph Template and...

DEBIAN-CVE-2010-1645

Cacti before 0.8.7f, as used in Red Hat High Performance Computing HPC Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in 1 the FQDN field of a Device or 2 the Vertical Label field of a Graph Template...

CVE-2010-1645

Cacti before 0.8.7f, as used in Red Hat High Performance Computing HPC Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in 1 the FQDN field of a Device or 2 the Vertical Label field of a Graph Template...

Cacti 0.8.7e - OS Command Injection

CVSSv2 Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C Cacti is prone to a remote command execution vulnerability because the software fails to adequately sanitize user-suplied input. Successful attacks can compromise the affected software and possibly the operating system running Cacti. The vulnerability ca...