Lucene search
+L

13 matches found

openvas
openvas
added 2024/06/07 12:0 a.m.39 views

Fedora: Security Advisory (FEDORA-2024-27a594f71d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.5AI score0.86303EPSS
Exploits35References12
debian
debian
added 2024/03/24 1:1 p.m.140 views

[SECURITY] [DSA 5646-1] cacti security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5646-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2024 https://www.debian.org/security/faq -...

8.8CVSS8.5AI score0.84628EPSS
Exploits11
nessus
nessus
added 2024/03/24 12:0 a.m.40 views

Debian dsa-5646 : cacti - security update

The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5646 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5646...

8.8CVSS6.9AI score0.84628EPSS
Exploits11References17
debian
debian
added 2024/03/18 6:26 p.m.145 views

[SECURITY] [DLA 3765-1] cacti security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3765-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler March 18, 2024 https://wiki.debian.org/LTS -...

9.8CVSS9.2AI score0.87688EPSS
Exploits22
openvas
openvas
added 2024/03/04 12:0 a.m.22 views

openSUSE Security Advisory (openSUSE-SU-2024:0031-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.8AI score0.84628EPSS
Exploits10References8
rapid7blog
rapid7blog
added 2024/02/09 7:35 p.m.50 views

Metasploit Weekly Wrap-Up 02/09/2024

Go go gadget Fortra GoAnywhere MFT Module This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows for unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint whi...

7.5CVSS8.6AI score0.95086EPSS
Exploits13
packetstorm
packetstorm
added 2024/02/05 12:0 a.m.381 views

Cacti pollers.php SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cacti RCE via SQLi in pollers.php', 'Description' = %q This exploit module leverages a SQLi CVE-2023-49085 and a LFI CVE-2023-49084 vulnerability...

8.8CVSS7.4AI score0.84628EPSS
Exploits5
zdt
zdt
added 2024/02/05 12:0 a.m.515 views

Cacti pollers.php SQL Injection / Remote Code Execution Exploit

This Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script pollers.php. This is granted by setting the...

8.8CVSS9.3AI score0.84628EPSS
Exploits5
metasploit
metasploit
added 2024/02/02 7:51 p.m.259 views

Cacti RCE via SQLi in pollers.php

This exploit module leverages a SQLi CVE-2023-49085 and a LFI CVE-2023-49084 vulnerability in Cacti versions prior to 1.2.26 to achieve RCE. Authentication is needed and the account must have access to the vulnerable PHP script pollers.php. This is granted by setting the Sites/Devices/Data...

8.8CVSS8.4AI score0.84628EPSS
Exploits5
opensuse
opensuse
added 2024/01/24 12:0 a.m.8 views

Security update for cacti, cacti-spine (important)

openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2024:0031-1 Rating: important References: 1218360 1218366 1218378 1218379 1218380 1218381 Cross-References: CVE-2023-49084 CVE-2023-49085 CVE-2023-49086 CVE-2023-49088 CVE-2023-50250 CVE-2023-51448 CVSS...

8.8CVSS7.6AI score0.84628EPSS
Exploits10References6
circl
circl
added 2023/12/22 12:22 a.m.7 views

CVE-2023-49084

creationtimestamp| type| source ---|---|--- 2023-12-22 00:22:18+00:00| seen| https://t.me/ctinow/158070 2023-12-28 12:41:20+00:00| published-proof-of-concept| https://t.me/ptswarm/195 2023-12-29 23:16:42+00:00| seen| https://t.me/ctinow/160709 2024-02-02 17:02:14+00:00| seen|...

8.8CVSS8AI score0.63774EPSS
Exploits4References4
cve
cve
added 2023/12/21 11:4 p.m.85 views

CVE-2023-49084

CVE-2023-49084 affects Cacti (component: link.php) via SQL injection and insufficient include-file path handling, enabling arbitrary code execution for an authorized user. Connected advisories note this as part of multiple vulnerabilities in Cacti; Fedora 39 and Debian advisories reference upgrad...

8.8CVSS9.2AI score0.63774EPSS
Exploits4References4Affected Software1
cvelist
cvelist
added 2023/12/21 11:4 p.m.39 views

CVE-2023-49084 Local File Inclusion (RCE) in Cacti

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...

8CVSS9.3AI score0.63774EPSS
Exploits4References4
Rows per page
Query Builder