
2345 matches found

OSV
added 2010/08/23 10:0 p.m. · 1 views

DEBIAN-CVE-2010-1645

Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template...

CVSS 6.5 · AI score 7.6 · EPSS 0.02804
Exploits 0 · References 1

UbuntuCve
added 2010/08/23 10:0 p.m. · 26 views

CVE-2010-1645

Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template...

CVSS 6.5 · AI score 6 · EPSS 0.02804
Exploits 0 · References 1

UbuntuCve
added 2010/08/23 10:0 p.m. · 27 views

CVE-2010-2545

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templatesimport.php; and allow remote...

CVSS 4.3 · AI score 5.9 · EPSS 0.01801
Exploits 1 · References 1

Positive Technologies
added 2010/08/23 12:0 a.m. · 3 views

PT-2010-4094 · Cacti · Cacti

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 0.8.7g. Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is due to an incorrect fix for a previous issue. The graph start parameter to the...

CVSS 4.3 · AI score 5.4 · EPSS 0.03874
Exploits 0 · References 12

RedHat Linux
added 2010/08/20 2:42 a.m. · 3 views

No title provided

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/topgraphheader.php, (3) lib/htmlform.php, and (4) lib/timespansettings.php, as demonstrated by the (a) graphend or (b) graphstart...

CVSS 4.3 · AI score 5.8 · EPSS 0.05739
Exploits 6 · References 3

RedHat Linux
added 2010/08/20 2:42 a.m. · 4 views

No title provided

SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rraid parameter in a GET request in conjunction with a valid rraid value in a POST request or a cookie, which causes the POST or cookie value to bypass the...

CVSS 7.5 · AI score 6 · EPSS 0.0137
Exploits 1 · References 3

Tenable Nessus
added 2010/06/25 12:0 a.m. · 19 views

FreeBSD : cacti -- multiple vulnerabilities (e02e6a4e-6b26-11df-96b2-0015587e2cc1)

Multiple vulnerabilities have been reported to exist in older version of Cacti. The release notes of Cacti 0.8.7f summarizes the problems as follows : - SQL injection and shell escaping issues - Cross-site scripting issues - Cacti Graph Viewer SQL injection vulnerability %NASLMINLEVEL 70300 C...

AI score 5.6
Exploits 0 · References 5

FreeBSD
added 2010/05/24 12:0 a.m. · 13 views

cacti -- multiple vulnerabilities

Multiple vulnerabilities have been reported to exist in older version of Cacti. The release notes of Cacti 0.8.7f summarizes the problems as follows: SQL injection and shell escaping issues; Cross-site scripting issues; Cacti Graph Viewer SQL injection vulnerability...

AI score 3.8
Exploits 0 · References 4

Exploit DB
added 2010/04/22 12:0 a.m. · 36 views

Cacti 0.8.7e - OS Command Injection

CVSSv2 Score: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C). Cacti is prone to a remote command execution vulnerability because the software fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected software and possibly the operating system running Cacti. The vulnerability ca...

AI score 7.4
Exploits 0

FreeBSD
added 2010/04/21 12:0 a.m. · 79 views

cacti -- SQL injection and command execution vulnerabilities

Bonsai information security reports: A Vulnerability has been discovered in Cacti, which can be exploited by any user to conduct SQL Injection attacks. Input passed via the "exportitemid" parameter to "templatesexport.php" script is not properly sanitized before being used in a SQL query. The sam...

CVSS 7.5 · AI score 6.7 · EPSS 0.03802
Exploits 0 · References 3

Packet Storm
added 2010/04/01 12:0 a.m. · 26 views

Joomla DW Graph Local File Inclusion

Joomla Component DW Graph Local File Inclusion. Author: Chip D3 Bi0s; Group: LatinHackTeam; Email & msn: [email protected]; Date: ...

Exploits 0

0day.today
added 2010/03/31 12:0 a.m. · 29 views

Joomla Component com_dwgraphs Local File Inclusion

Exploit for php platform in category web applications. Joomla Component comdwgraphs Local File Inclusion. Author: Chip D3 Bi0s; Group: LatinHackTeam; Email & msn: email protected; Date: 31 March...

AI score 7.1
Exploits 0

seebug.org
added 2010/03/31 12:0 a.m. · 25 views

Joomla Component DW Graph Local File Inclusion

No description provided by source. Joomla Component DW Graph Local File Inclusion. Author: Chip D3 Bi0s; Group: LatinHackTeam; Email &...

AI score 7.1
Exploits 0

exploitpack
added 2010/03/31 12:0 a.m. · 31 views

Joomla! Component DW Graph - Local File Inclusion

Joomla! Component DW Graph - Local File Inclusion. Joomla Component DW Graph Local File Inclusion. Author: Chip D3 Bi0s; Group: ...

Exploits 0

Exploit DB
added 2010/03/31 12:0 a.m. · 40 views

Joomla! Component DW Graph - Local File Inclusion

Joomla Component DW Graph Local File Inclusion. Author: Chip D3 Bi0s; Group: LatinHackTeam; Email & msn: [email protected]; Date: ...

AI score 7
Exploits 0

Check Point Advisories
added 2010/02/17 12:0 a.m. · 3 views

Microsoft Excel File Named Graph Record Parsing Stack Overflow (MS07-023; CVE-2007-0215)

Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents ...

CVSS 7.6 · AI score 7.3 · EPSS 0.31546
Exploits 4

OSV
added 2009/11/29 1:7 p.m. · 1 views

DEBIAN-CVE-2009-4032

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/topgraphheader.php, (3) lib/htmlform.php, and (4) lib/timespansettings.php, as demonstrated by the (a) graphend or (b) graphstart...

CVSS 4.3 · AI score 5.7 · EPSS 0.05739
Exploits 6 · References 1

Prion
added 2009/11/29 1:7 p.m. · 20 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/topgraphheader.php, (3) lib/htmlform.php, and (4) lib/timespansettings.php, as demonstrated by the (a) graphend or (b) graphstart...

CVSS 4.3 · AI score 5.7 · EPSS 0.05739
Exploits 6 · References 24 · Affected Software 1

Positive Technologies
added 2009/11/27 12:0 a.m. · 3 views

PT-2009-6215 · Cacti · Cacti

Name of the Vulnerable Software and Affected Versions: Cacti version 0.8.7e. Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected areas include graph.php, include/top gra...

CVSS 4.3 · AI score 5.7 · EPSS 0.05739
Exploits 6 · References 30

NVD
added 2009/03/23 2:19 p.m. · 36 views

CVE-2008-6504

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and...

CVSS 5 · AI score 6.7 · EPSS 0.394
Exploits 1 · References 11