13 matches found
Fedora: Security Advisory (FEDORA-2024-27a594f71d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5646-1] cacti security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5646-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2024 https://www.debian.org/security/faq -...
Debian dsa-5646 : cacti - security update
The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5646 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5646...
[SECURITY] [DLA 3765-1] cacti security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3765-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler March 18, 2024 https://wiki.debian.org/LTS -...
openSUSE Security Advisory (openSUSE-SU-2024:0031-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Metasploit Weekly Wrap-Up 02/09/2024
Go go gadget Fortra GoAnywhere MFT Module This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows for unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint whi...
Cacti pollers.php SQL Injection / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cacti RCE via SQLi in pollers.php', 'Description' = %q This exploit module leverages a SQLi CVE-2023-49085 and a LFI CVE-2023-49084 vulnerability...
Cacti pollers.php SQL Injection / Remote Code Execution Exploit
This Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script pollers.php. This is granted by setting the...
Cacti RCE via SQLi in pollers.php
This exploit module leverages a SQLi CVE-2023-49085 and a LFI CVE-2023-49084 vulnerability in Cacti versions prior to 1.2.26 to achieve RCE. Authentication is needed and the account must have access to the vulnerable PHP script pollers.php. This is granted by setting the Sites/Devices/Data...
Security update for cacti, cacti-spine (important)
openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2024:0031-1 Rating: important References: 1218360 1218366 1218378 1218379 1218380 1218381 Cross-References: CVE-2023-49084 CVE-2023-49085 CVE-2023-49086 CVE-2023-49088 CVE-2023-50250 CVE-2023-51448 CVSS...
CVE-2023-49084
creationtimestamp| type| source ---|---|--- 2023-12-22 00:22:18+00:00| seen| https://t.me/ctinow/158070 2023-12-28 12:41:20+00:00| published-proof-of-concept| https://t.me/ptswarm/195 2023-12-29 23:16:42+00:00| seen| https://t.me/ctinow/160709 2024-02-02 17:02:14+00:00| seen|...
CVE-2023-49084
CVE-2023-49084 affects Cacti (component: link.php) via SQL injection and insufficient include-file path handling, enabling arbitrary code execution for an authorized user. Connected advisories note this as part of multiple vulnerabilities in Cacti; Fedora 39 and Debian advisories reference upgrad...
CVE-2023-49084 Local File Inclusion (RCE) in Cacti
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...