19 matches found
Debian: Security Advisory (DLA-560-1)
The remote host is missing an update for the Debian...
Security Bulletin: Open Source Cacti vulnerability affects IBM Platform RTM (CVE-2016-3172, CVE-2016-3659)
Summary: Cacti is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tree.php script using the parent_id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database. A remote attacker could send...
Amazon Linux: Security Advisory (ALAS-2016-711)
The remote host is missing an update for the...
DLA-560-2 cacti - regression update
Bulletin has no description...
DLA-560-1 cacti - security update
Bulletin has no description...
Debian DLA-560-2 : cacti regression update
Three security issues have been found in cacti: CVE-2016-2313 auth_login.php allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. CVE-2016-3172 A SQL injection vulnerability in tree.php allows remote...
[SECURITY] [DLA 560-1] cacti security update
Package: cacti Version: 0.8.8a+dfsg-5+deb7u9 CVE ID: CVE-2016-2313 CVE-2016-3172 CVE-2016-3659 Three security issues have been found in cacti: CVE-2016-2313 auth_login.php allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user...
Fedora 22 : cacti (2016-01198b9f9d)
Update to 0.8.8h - CVE-2016-3659 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora 24 : cacti (2016-e8652e3efb)
Update to 0.8.8h - CVE-2016-3659
Fedora 23 : cacti (2016-879977eea0)
Update to 0.8.8h - CVE-2016-3659
Fedora Update for cacti FEDORA-2016-e8652e3efb
The remote host is missing an update for the...
Medium: cacti
Issue Overview: SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. CVE-2016-3659 Affected Packages: cacti Issue Correction: Run yum update cacti or yum update --advisory ALAS-2016-711 t...
openSUSE Security Update : cacti (openSUSE-2016-601)
This update for cacti fixes the following issues: Security issues fixed: - CVE-2016-3172: SQL injection in tree.php (boo#971357) - CVE-2016-3659: SQL injection in lib/functions.php (boo#974013)
CVE-2016-3659
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter...
CVE-2016-3659
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter...
CVE-2016-3659
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter...
CVE-2016-3659
CVE-2016-3659 describes an SQL injection in Cacti 0.8.8.g via the host_group_data parameter in graph_view.php, exploitable by remote authenticated users to execute arbitrary SQL commands. The vulnerability’s impact is noted across multiple advisories; affected packages include Cacti 0.8.8.g (and ...
CVE-2016-3659
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter...
cacti -- multiple vulnerabilities
The Cacti Group, Inc. reports: Changelog bug:0002667: Cacti SQL Injection Vulnerability bug:0002673: CVE-2016-3659 - Cacti graph_view.php SQL Injection Vulnerability bug:0002656: Authentication using web authentication as a user not in the cacti database allows complete access regression...