74 matches found
CVE-2018-25123
Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attacker with limited system access to abuse file/command execution paths or writable resources to gai...
CVE-2018-25123 Nagios XI < 5.5.7 Privilege Escalation via MRTG Graphing Component
Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attacker with limited system access to abuse file/command execution paths or writable resources to gai...
CVE-2018-25123 Nagios XI < 5.5.7 Privilege Escalation via MRTG Graphing Component
Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attacker with limited system access to abuse file/command execution paths or writable resources to gai...
CVE-2018-25123
CVE-2018-25123 affects Nagios XI versions prior to 5.5.7, with a privilege escalation flaw in the MRTG graphing component. MRTG-related processes run with excessive privileges, enabling a local attacker with limited access to abuse file/command paths or writable resources to gain elevated privile...
PT-2025-44546
Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attacker with limited system access to abuse file/command execution paths or writable resources to gai...
DEBIAN-CVE-2024-55566
ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...
UBUNTU-CVE-2024-55566
ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...
CVE-2024-55566
ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...
PT-2024-36558 · Colpack +1 · Colpack +1
Name of the Vulnerable Software and Affected Versions: ColPack versions 1.0.10 through 9a7293a Description: The issue is related to the creation of predictable temporary files in ColPack, located under /tmp with names derived from an unseeded Random Number Generator RNG. This can lead to...
CVE-2024-55566
CVE-2024-55566 affects ColPack 1.0.10 through 9a7293a. A predictable temporary file in /tmp (name derived from an unseeded RNG) can lead to overwriting files or making ColPack graphing unavailable to other users. The provided documents do not specify the exact patched version; Fedora advisories n...
Number withdrawn
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool fetches data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. This CVE number has been withdrawn...
Command execution vulnerability in JGraph drawio-desktop
drawio-desktop is an Electron-based diagramming and whiteboarding desktop application. A command execution vulnerability exists in JGraph drawio-desktop that can be exploited by an attacker to cause code execution...
GHSA-Q5RG-WG7H-73M5 LibreNMS Information Disclosure
An issue was discovered in LibreNMS through 1.47. The scripts that handle graphing options html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with...
Null pointer dereference
Mikrotik RouterOs 6.44.6 long-term tree suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service NULL pointer dereference...
MikroTik RouterOS 代码问题漏洞
MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. A memory corruption vulnerability exists in the /nova/bin/graphing process in Mikrotik RouterOs. An authenticated,...
GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service Exploit
Exploit Title: GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service PoC Exploit Author: Brian Rodriguez Vendor Homepage: https://www.geogebra.org Software Link: https://www.geogebra.org/download Version: 6.0.631.0-offlinegraphing Tested on: Windows 8.1 Pro STEPS Open the program Graficado...
openSUSE Security Update : cacti / cacti-spine (openSUSE-2020-654)
This update for cacti, cacti-spine fixes the following issues : cacti-spine and cacti were updated to 1.2.12 : cacti fixes : - CVE-2020-7106: Lack of escaping of color items can lead to XSS exposure boo1163749 - Fix multiple graphing bugs and web UI issues - Fix multiple warnings, PHP Exceptions...
OPENSUSE-SU-2020:0654-1 Security update for cacti, cacti-spine
This update for cacti, cacti-spine fixes the following issues: cacti-spine and cacti were updated to 1.2.12: cacti fixes: CVE-2020-7106: Lack of escaping of color items can lead to XSS exposure boo1163749 Fix multiple graphing bugs and web UI issues Fix multiple warnings, PHP Exceptions and error...
Security update for cacti, cacti-spine (moderate)
openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2020:0654-1 Rating: moderate References: 1163749 Cross-References: CVE-2020-7106 Affected Products: openSUSE Leap 15.1 openSUSE Backports SLE-15-SP1 SUSE Package Hub for SUSE Linux Enterprise 12 An updat...
OS Command Injection
LibreNMS is vulnerable to OS command injection. It does not properly validate the user input via the graphing options html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php, allowing an attacker to inject any RRDtool commands such as cd and ls via html/graph.php script...