38 matches found
OPENSUSE-SU-2026:10920-1 cacti-1.2.30+git457.e55c2aea-1.1 on GA media
These are all security issues fixed in the cacti-1.2.30+git457.e55c2aea-1.1 package on the GA media of openSUSE Tumbleweed...
Exploit for Improper Neutralization of Line Delimiters in Cacti
CVE-2025-24367-WebShell Exploit I created this small script...
EUVD-2005-4893
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
EUVD-2005-1529
Malware in sbrugna...
EUVD-2013-1473
Malware in sbrugna...
EUVD-2005-1528
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-11025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string SNMP Options in the View...
Linux Distros Unpatched Vulnerability : CVE-2019-17358
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated...
Linux Distros Unpatched Vulnerability : CVE-2022-48547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in...
Linux Distros Unpatched Vulnerability : CVE-2022-41444
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross Site Scripting XSS vulnerability in Cacti 1.2.21 via crafted POST request to graphsnew.php. CVE-2022-41444 Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2018-10060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitizeuri function in lib/functions.php...
Linux Distros Unpatched Vulnerability : CVE-2017-16641
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the pathrrdtool parameter in an action=save request ...
Linux Distros Unpatched Vulnerability : CVE-2020-25706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability exists in templatesimport.php Cacti 1.2.13 due to Improper escaping of error message during template import preview in...
Linux Distros Unpatched Vulnerability : CVE-2020-8813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - graphrealtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph...
Linux Distros Unpatched Vulnerability : CVE-2020-23226
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple Cross Site Scripting XSS vulnerabilities exist in Cacti 1.2.12 in 1 reportsadmin.php, 2 dataqueries.php, 3 datainput.php, 4 graphtemplates.php, 5...
Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Cacti 1.2.26 - Remote Code Execution RCE Authenticated Date: 06/01/2025 Exploit Author: D3Ext Vendor Homepage: https://cacti.net/ Software Link: https://github.com/Cacti/cacti/archive/refs/tags/release/1.2.26.zip Version: 1.2.26 Tested on: Kali Linux 2024 CVE: CVE-2024-25641...
Cacti 1.2.26 Remote Code Execution
Cacti version 1.2.26 proof of concept remote code execution exploit. Exploit Title: Cacti 1.2.26 - Remote Code Execution RCE Authenticated Date: 06/01/2025 Exploit Author: D3Ext Vendor Homepage: https://cacti.net/ Software Link: https://github.com/Cacti/cacti/archive/refs/tags/release/1.2.26.zip...
Exploit for OS Command Injection in Cacti
Command injection vulnerability in Cacti CVE-2023-39362 - Po...
PT-2024-12: SQL Injection in Cacti
The vulnerability was identified in Cacti version 1.2.25 and below. It allows execution of arbitrary SQL code. The vulnerability can be exploited by an authorized user using the vulnerable component pollers.php. Vulnerability status: Confirmed by vendor Date of vulnerability detection: 22.12.2023...
CVE-2023-49086
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an...