29 matches found
EUVD-2016-4214
Malware in sbrugna...
EUVD-2017-7963
Malware in sbrugna...
EUVD-2015-0924
Malware in sbrugna...
EUVD-2017-7845
Malware in sbrugna...
EUVD-2023-43236
Malicious code in bioql PyPI...
PT-2025-6448 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti versions 1.2.29 and earlier. Description: The issue allows SQL injection in the template function in host_templates.php via the graph_template parameter. This problem exists due to an incomplete fix for a previous issue. Recommendations:...
DSA-5862-1 cacti - security update
Bulletin has no description...
CVE-2025-22604 Cacti has Authenticated RCE via multi-line SNMP responses
Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io or ss_net_snmp_disk_bytes, a part of each OID will be used as a key in an array that is...
PT-2025-1299
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.29; Cacti versions prior to 1.2.24+ds1-1+deb12u5; Cacti versions prior to 1.2.16+ds1-2+deb11u5. Description: Cacti, a web interface for graphing of monitoring systems, contains a flaw in its multi-line SNMP result parse...
DEBIAN-CVE-2024-31460
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes function from lib/api_automation.php, finally resulti...
Cacti security vulnerability
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A security vulnerability exists in Cacti versions prior to 1.2.27, which...
CVE-2024-29894 Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. raise_message_javascript from lib/functions.php now uses purify.js to fix CVE-2023-50250...
PT-2024-3806 · Cacti +3
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27. Description: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to...
DLA-3765-1 cacti - security update
Bulletin has no description...
DSA-5298-1 cacti - security update
Bulletin has no description...
CVE-2020-13230
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account e.g., permission to view logs...
PT-2024-5186
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27. Description: Cacti provides an operational monitoring and fault management framework. An arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having th...
DEBIAN-CVE-2018-10059
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name...
CVE-2017-12978
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user...
DEBIAN-CVE-2017-1000032
Cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php...