MGASA-2016-0025 Updated cacti packages fix security vulnerability

Several SQL injection vulnerabilities have been discovered in Cacti. Specially crafted input can be used by an attacker in the rraid value of the graph.php script to execute arbitrary SQL commands on the database CVE-2015-8369...

Updated cacti packages fix security vulnerability

Several SQL injection vulnerabilities have been discovered in Cacti. Specially crafted input can be used by an attacker in the rraid value of the graph.php script to execute arbitrary SQL commands on the database CVE-2015-8369...

Cacti SQL注入漏洞（CNVD-2015-08486）

0x01 漏洞简述 Cacti是Cacti集团的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据，使用RRDtool绘画图形进行分析，并提供数据和用户管理功能。 Cacti 0.8.8f以前版本存在SQL注入漏洞。允许远程攻击者通过graphphp属性行动中的rraid参数执行任意SQL命令。 0x02 漏洞细节 漏洞存在于文件 /cacti-0.8.8f/graph.php line 25 includeonce"./include/topgraphheader.php"; / set default action / if !isset"action"...

UBUNTU-CVE-2015-8369

SQL injection vulnerability in include/topgraphheader.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rraid parameter in a properties action to graph.php...

CVE-2015-8369

SQL injection vulnerability in include/topgraphheader.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rraid parameter in a properties action to graph.php...

DEBIAN-CVE-2015-0916

SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the localgraphid parameter, a different vulnerability than CVE-2007-6035...

CVE-2015-0916

SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the localgraphid parameter, a different vulnerability than CVE-2007-6035...

Sql injection

SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the localgraphid parameter, a different vulnerability than CVE-2007-6035...

CVE-2015-0916

SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the localgraphid parameter, a different vulnerability than CVE-2007-6035...

CVE-2015-0916

SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the localgraphid parameter, a different vulnerability than CVE-2007-6035...

Cacti 0.8.x graph.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/37109/info Cacti is prone to multiple cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied...

MyOWNspace 8.2 - Multi Local File Include

No description provided by source. =========================================================================== Topic : MyOWNspacev8.2 Bug type : multi local file include Download : http://sourceforge.net/project/platformdownload.php?groupid=174729 Advisory :...

CVE-2010-4246

Multiple cross-site scripting XSS vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the 1 ifnum or 2 ifname parameter, a different vulnerability than CVE-2008-1182...

CVE-2010-2545

Cacti before 0.8.7g contains multiple XSS vulnerabilities (including CVE-2010-2545) in various templates and admin paths. The GLSA notes remote script injection and the need to upgrade to the 0.8.8+ series as remediation; affected vectors include template name and numerous PHP/graph-related compo...

CVE-2010-2092

SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rraid parameter in a GET request in conjunction with a valid rraid value in a POST request or a cookie, which causes the POST or cookie value to bypass the...

MyOWNspace 8.2 - Multiple Local File Inclusions

MyOWNspace 8.2 - Multiple Local File Inclusions =========================================================================== Topic : MyOWNspacev8.2 Bug type : multi local file include Download : http://sourceforge.net/project/platformdownload.php?groupid=174729 Advisory :...

MyOWNspace 8.2 - Multiple Local File Inclusions

=========================================================================== Topic : MyOWNspacev8.2 Bug type : multi local file include Download : http://sourceforge.net/project/platformdownload.php?groupid=174729 Advisory : =========================================================================...

MyOWNspace v8.2 multi local file include

Exploit for php platform in category web applications ======================================== MyOWNspace v8.2 multi local file include ======================================== =========================================================================== Topic : MyOWNspacev8.2 Bug type : multi loca...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 graph.php, 2 include/topgraphheader.php, 3 lib/htmlform.php, and 4 lib/timespansettings.php, as demonstrated by the a graphend or b graphstart...

CVE-2009-4032

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 graph.php, 2 include/topgraphheader.php, 3 lib/htmlform.php, and 4 lib/timespansettings.php, as demonstrated by the a graphend or b graphstart...