7 matches found
Gentoo Security Advisory GLSA 200701-23 (cacti)
The remote host is missing updates announced in advisory GLSA 200701-23. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200701-23 (cacti)
The remote host is missing updates announced in advisory GLSA 200701-23. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1250-1 (cacti)
The remote host is missing an update to cacti announced via advisory DSA 1250-1. It was discovered that cacti, a frontend to rrdtool, performs insufficient validation of data passed to the cmd script, which allows SQL injection and the execution of arbitrary shell commands. OpenVAS Vulnerability...
SUSE-SA:2007:007: cacti
The remote host is missing the patch for the advisory SUSE-SA:2007:007 cacti. A command injection in cmd.php in cacti was fixed, which might have allowed remote attackers to inject commands and so execute code. This issue is tracked by the Mitre CVE ID CVE-2006-6799. %NASLMINLEVEL 70300 C Tenable...
Debian DSA-1250-1 : cacti - missing input sanitising
It was discovered that cacti, a frontend to rrdtool, performs insufficient validation of data passed to the 'cmd' script, which allows SQL injection and the execution of arbitrary shell commands. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
CVE-2006-6799
SQL injection vulnerability in Cacti 0.8.6i and earlier, when registerargcargv is enabled, allows remote attackers to execute arbitrary SQL commands via the 1 second or 2 third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are...
CVE-2006-6799
SQL injection vulnerability in Cacti 0.8.6i and earlier, when registerargcargv is enabled, allows remote attackers to execute arbitrary SQL commands via the 1 second or 2 third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are...