15 matches found
EUVD-2020-15979
Malware in sbrugna...
CVE-2020-23226
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reportsadmin.php, (2) dataqueries.php, (3) datainput.php, (4) graphtemplates.php, (5) graphs.php, (6) reportsadmin.php, and (7) datainput.php...
Cross site scripting
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reportsadmin.php, (2) dataqueries.php, (3) datainput.php, (4) graphtemplates.php, (5) graphs.php, (6) reportsadmin.php, and (7) datainput.php...
CVE-2020-23226
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reportsadmin.php, (2) dataqueries.php, (3) datainput.php, (4) graphtemplates.php, (5) graphs.php, (6) reportsadmin.php, and (7) datainput.php...
CVE-2020-23226
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reportsadmin.php, (2) dataqueries.php, (3) datainput.php, (4) graphtemplates.php, (5) graphs.php, (6) reportsadmin.php, and (7) datainput.php...
Cacti 1.2.12 SQL Injection / Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/hashes/identify' class MetasploitModule 'Cacti color filter authenticated SQLi to RCE', 'Description' = %q This module exploits a SQL...
Cacti 1.2.12 - (filter) SQL Injection / Remote Code Execution Exploit
Exploit Title: Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution Exploit Author: Leonardo Paiva Vendor Homepage: https://www.cacti.net/ Software Link: https://www.cacti.net/downloads/cacti-1.2.12.tar.gz Version: 1.2.12 Tested on: Ubuntu 20.04 CVE : CVE-2020-14295 Credits: @M4yFly...
Cacti 1.2.12 - 'filter' SQL Injection
Exploit Title: Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution Date: 04/28/2021 Exploit Author: Leonardo Paiva Vendor Homepage: https://www.cacti.net/ Software Link: https://www.cacti.net/downloads/cacti-1.2.12.tar.gz Version: 1.2.12 Tested on: Ubuntu 20.04 CVE : CVE-2020-14295...
CVE-2020-14295
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries...
CVE-2020-14295
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries...
SQL injection
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries...
CVE-2020-14295
CVE-2020-14295 is a SQL injection in Cacti 1.2.12's color.php (via the filter parameter) that can lead to remote command execution due to stacked queries. Evidence shows exploits/modules exist (e.g., Metasploit references) and public advisories describe the vulnerability. Mitigation observed in u...
CVE-2020-14295
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries...
CVE-2020-14295
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries...
CVE-2020-14295
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. Recent assessments: h00die at May 31, 2021 12:03pm UTC reported: Authenticated user is able to cause a...