17 matches found
Linux Distros Unpatched Vulnerability : CVE-2005-10004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell...
DEBIAN-CVE-2005-10004
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
CVE-2005-10004
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
CVE-2005-10004
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
UBUNTU-CVE-2005-10004
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
CVE-2005-10004 Cacti graph_view.php RCE via graph_start Parameter Injection
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
CVE-2005-10004
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
CVE-2005-10004 Cacti graph_view.php RCE via graph_start Parameter Injection
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
CVE-2005-10004
CVE-2005-10004 affects Cacti versions prior to 0.8.6-d, with a remote command execution vulnerability in graph_view.php. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which are executed on the underlying OS with the web server’s privileges during gra...
Cacti 安全漏洞
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool fetches data via snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. A security vulnerability exists in versions prior to Cacti 0.8.6-d, which...
SUSE CVE-2007-3112
graphimage.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service CPU consumption via a large value of the 1 graphstart or 2 graphend parameter, different vectors than CVE-2007-3113...
DEBIAN-CVE-2010-2543
Cross-site scripting XSS vulnerability in include/topgraphheader.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graphstart parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b...
CVE-2010-2543
Cross-site scripting XSS vulnerability in include/topgraphheader.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graphstart parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b...
CVE-2009-4032
Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 graph.php, 2 include/topgraphheader.php, 3 lib/htmlform.php, and 4 lib/timespansettings.php, as demonstrated by the a graphend or b graphstart...
CVE-2007-3112
graphimage.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service CPU consumption via a large value of the 1 graphstart or 2 graphend parameter, different vectors than CVE-2007-3113...
DEBIAN-CVE-2007-3112
graphimage.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service CPU consumption via a large value of the 1 graphstart or 2 graphend parameter, different vectors than CVE-2007-3113...
CVE-2007-3112
graphimage.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service CPU consumption via a large value of the 1 graphstart or 2 graphend parameter, different vectors than CVE-2007-3113...