
33 matches found

Tenable Nessus
added 2025/09/04 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2005-10004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell...

CVSS 8.8 | AI score 6.2 | EPSS 0.5798
Exploits: 1 | References: 2

OSV
added 2025/08/30 2:15 p.m. | 0 views

UBUNTU-CVE-2005-10004

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...

CVSS 8.7 | AI score 6.2 | EPSS 0.5798
Exploits: 1 | References: 8

ATTACKERKB
added 2025/08/30 1:45 p.m. | 0 views

CVE-2005-10004

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...

CVSS 8.8 | AI score 6.2 | EPSS 0.5798
Exploits: 1 | References: 5

Debian CVE
added 2025/08/30 1:45 p.m. | 3 views

CVE-2005-10004

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...

CVSS 8.8 | AI score 6.2 | EPSS 0.5798
Exploits: 1

CVE
added 2025/08/30 1:45 p.m. | 15 views

CVE-2005-10004

CVE-2005-10004 affects Cacti versions prior to 0.8.6-d, with a remote command execution vulnerability in graph_view.php. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which are executed on the underlying OS with the web server’s privileges during gra...

CVSS 8.8 | AI score 7.1 | EPSS 0.5798
Exploits: 1 | References: 6 | Affected Software: 1

Tenable Nessus
added 2025/08/30 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2023-39361

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Sin...

CVSS 9.8 | AI score 9.9 | EPSS 0.92278
Exploits: 2 | References: 2

Positive Technologies
added 2025/08/30 12:0 a.m. | 2 views

PT-2025-35362

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 0.8.6-d. Description: Cacti versions prior to 0.8.6-d contain a remote command execution issue in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, whi...

CVSS 8.8 | AI score 7.3 | EPSS 0.5798
Exploits: 1 | References: 16

RedhatCVE
added 2025/05/22 8:26 a.m. | 2 views

CVE-2019-14286

In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability...

CVSS 6.1 | AI score 5.7 | EPSS 0.0024
Exploits: 0 | References: 1

OSV
added 2024/04/02 11:41 a.m. | 0 views

USN-6720-1 cacti vulnerability

Kentaro Kawane discovered that Cacti incorrectly handled user provided input sent through request parameters to the graph_view.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks...

CVSS 9.8 | AI score 5.8 | EPSS 0.92278
Exploits: 2 | References: 2

OSV
added 2023/11/12 3:30 p.m. | 1 views

GHSA-HM9R-7F84-25C9 Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes

Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to...

CVSS 5.3 | AI score 5.9 | EPSS 0.00084
Exploits: 0 | References: 8

OSV
added 2023/09/05 9:15 p.m. | 1 views

DEBIAN-CVE-2023-39361

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there...

CVSS 9.8 | AI score 9.2 | EPSS 0.92278
Exploits: 2 | References: 1

OSV
added 2023/09/05 9:15 p.m. | 0 views

UBUNTU-CVE-2023-39361

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there...

CVSS 9.8 | AI score 6 | EPSS 0.92278
Exploits: 2 | References: 4

CNNVD
added 2023/09/05 12:0 a.m. | 1 views

Cacti SQL Injection Vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. Cacti suffers from a SQL injection vulnerability that stems from the fact...

CVSS 9.8 | AI score 8 | EPSS 0.92278
Exploits: 2 | References: 7

SUSE CVE
added 2023/02/15 5:4 a.m. | 1 views

SUSE CVE-2016-3659

SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter...

CVSS 8.8 | AI score 9.2 | EPSS 0.00587
Exploits: 2 | References: 3

vulnersOsv
added 2022/05/13 1:40 a.m. | 2 views

org.jenkins-ci.plugins:build-pipeline-plugin (>=1.3.4.1 <=1.5.8), org.jenkins-ci.plugins:buildgraph-view (>=1.3.1 <=1.8) +8 more potentially affected by CVE-2017-1000084 via org.jenkins-ci.plugins:parameterized-trigger (>=2.12 <=2.33)

org.jenkins-ci.plugins:parameterized-trigger MAVEN version =2.12, =1.3.4.1, =1.3.1, =1.0, =1.9, =1.02, =1.0, =0.8.0, =0.16, =1.1, =0.6.6, =1.1.1 Source cves: CVE-2017-1000084 Source advisory: OSV:GHSA-MC22-25R3-2W9W...

CVSS 6.5 | AI score 6.6 | EPSS 0.00038
Exploits: 0

Fedora
added 2021/07/22 1:16 a.m. | 6 views

[SECURITY] Fedora 33 Update: kernelshark-1.2-5.fc33

KernelShark is a front end reader of trace-cmd output. "trace-cmd record" and "trace-cmd extract" create a trace.dat trace-cmd.dat file. kernelshark can read this file and produce a graph and list view of its data...

AI score 2.2
Exploits: 0

Prion
added 2019/07/27 6:15 p.m. | 14 views

Cross site scripting

In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability...

CVSS 4.3 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 1 | Affected Software: 1

Check Point Advisories
added 2019/07/17 12:0 a.m. | 4 views

Jenkins Dependency Graph View Plugin Cross-Site Scripting (CVE-2019-10349)

A Cross-Site Scripting vulnerability exists in Jenkins Dependency Graph View plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

CVSS 3.5 | AI score 4.3 | EPSS 0.00776
Exploits: 5

Packet Storm
added 2019/07/12 12:0 a.m. | 291 views

Jenkins Dependency Graph View 0.13 Cross Site Scripting

Exploit Title: Persistent XSS - Dependency Graph View Pluginv0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps Platform:...

AI score 5.5 | EPSS 0.00776
Exploits: 5

exploitpack
added 2019/07/12 12:0 a.m. | 28 views

Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting

Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting Exploit Title: Persistent XSS - Dependency Graph View Pluginv0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact:...

CVSS 3.5 | AI score 5.3 | EPSS 0.00776
Exploits: 5