11 matches found
Fedora: Security Advisory (FEDORA-2024-27a594f71d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5646-1] cacti security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5646-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 24, 2024 https://www.debian.org/security/faq -...
Debian dsa-5646 : cacti - security update
The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5646 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5646...
[SECURITY] [DLA 3765-1] cacti security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3765-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler March 18, 2024 https://wiki.debian.org/LTS -...
openSUSE Security Advisory (openSUSE-SU-2024:0031-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Metasploit Weekly Wrap-Up 02/09/2024
Go go gadget Fortra GoAnywhere MFT Module This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows for unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint whi...
Cacti pollers.php SQL Injection / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cacti RCE via SQLi in pollers.php', 'Description' = %q This exploit module leverages a SQLi CVE-2023-49085 and a LFI CVE-2023-49084 vulnerability...
Cacti pollers.php SQL Injection / Remote Code Execution Exploit
This Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script pollers.php. This is granted by setting the...
Cacti RCE via SQLi in pollers.php
This exploit module leverages a SQLi CVE-2023-49085 and a LFI CVE-2023-49084 vulnerability in Cacti versions prior to 1.2.26 to achieve RCE. Authentication is needed and the account must have access to the vulnerable PHP script pollers.php. This is granted by setting the Sites/Devices/Data...
CVE-2023-49085
creationtimestamp| type| source ---|---|--- 2023-12-22 18:23:25+00:00| seen| https://t.me/ctinow/158512 2023-12-28 12:41:20+00:00| published-proof-of-concept| https://t.me/ptswarm/195 2023-12-29 21:17:21+00:00| seen| https://t.me/ctinow/160688 2024-02-02 17:02:14+00:00| seen|...
CVE-2023-49085
CVE-2023-49085 affects Cacti up to 1.2.25 (pollers.php) via SQL injection in pollers.php, with public references describing an attack path leading to remote code execution when combined with other vulnerabilities. Exploitation is demonstrated in a Metasploit module (requires auth with Sites/Devic...