Lucene search
+L

20 matches found

nvd
nvd
added 2025/08/30 2:15 p.m.6 views

CVE-2005-10004

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...

8.8CVSS0.01781EPSS
Exploits1References6
osv
osv
added 2025/08/30 2:15 p.m.3 views

DEBIAN-CVE-2005-10004

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...

8.8CVSS6.2AI score0.01781EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/08/30 1:45 p.m.2 views

CVE-2005-10004 Cacti graph_view.php RCE via graph_start Parameter Injection

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...

8.7CVSS7.1AI score0.01781EPSS
Exploits1References6
cvelist
cvelist
added 2025/08/30 1:45 p.m.10 views

CVE-2005-10004 Cacti graph_view.php RCE via graph_start Parameter Injection

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...

8.7CVSS0.01781EPSS
Exploits1References6
cve
cve
added 2025/08/30 1:45 p.m.29 views

CVE-2005-10004

CVE-2005-10004 affects Cacti versions prior to 0.8.6-d, with a remote command execution vulnerability in graph_view.php. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which are executed on the underlying OS with the web server’s privileges during gra...

8.8CVSS7.1AI score0.01781EPSS
Exploits1References6Affected Software1
cnnvd
cnnvd
added 2025/08/30 12:0 a.m.6 views

Cacti 安全漏洞

Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool fetches data via snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. A security vulnerability exists in versions prior to Cacti 0.8.6-d, which...

8.8CVSS6.7AI score0.01781EPSS
Exploits1References8
prion
prion
added 2023/09/05 9:15 p.m.32 views

Sql injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

7.5CVSS9.9AI score0.87688EPSS
Exploits2References5Affected Software2
cve
cve
added 2023/09/05 8:58 p.m.106 views

CVE-2023-39361

CVE-2023-39361 affects Cacti (notably 1.2.24) via a SQL injection in graph_view.php. The vulnerability arises when guest users can access graph_view.php without authentication, enabling an attacker to inject SQL through the rfilter parameter (within the grow_right_pane_tree path) and potentially ...

9.8CVSS10AI score0.87688EPSS
In wildExploits2References6Affected Software1
susecve
susecve
added 2023/02/15 6:1 a.m.5 views

SUSE CVE-2009-4032

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 graph.php, 2 include/topgraphheader.php, 3 lib/htmlform.php, and 4 lib/timespansettings.php, as demonstrated by the a graphend or b graphstart...

4.3CVSS6AI score0.05739EPSS
Exploits6References4
nessus
nessus
added 2016/06/06 12:0 a.m.58 views

Amazon Linux AMI : cacti (ALAS-2016-711)

SQL injection vulnerability in graphview.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the hostgroupdata parameter. CVE-2016-3659 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux...

8.8CVSS8.4AI score0.02256EPSS
Exploits2References2
archlinux
archlinux
added 2016/05/10 12:0 a.m.46 views

cacti: sql injection

A SQL injection vulnerability has been found in cacti, in the the hostgroupdata parameter of the graphview.php file...

6.5CVSS2.8AI score0.02256EPSS
Exploits2References2
nvd
nvd
added 2016/04/11 3:59 p.m.19 views

CVE-2016-3659

SQL injection vulnerability in graphview.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the hostgroupdata parameter...

8.8CVSS8.8AI score0.02256EPSS
Exploits2References6
prion
prion
added 2016/04/11 3:59 p.m.22 views

Sql injection

SQL injection vulnerability in graphview.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the hostgroupdata parameter...

6.5CVSS8.3AI score0.02256EPSS
Exploits2References6Affected Software1
cve
cve
added 2016/04/11 3:0 p.m.73 views

CVE-2016-3659

CVE-2016-3659 describes an SQL injection in Cacti 0.8.8.g via the host_group_data parameter in graph_view.php, exploitable by remote authenticated users to execute arbitrary SQL commands. The vulnerability’s impact is noted across multiple advisories; affected packages include Cacti 0.8.8.g (and ...

8.8CVSS8.7AI score0.02256EPSS
Exploits2References6Affected Software1
cve
cve
added 2010/08/23 8:0 p.m.94 views

CVE-2010-2545

Cacti before 0.8.7g contains multiple XSS vulnerabilities (including CVE-2010-2545) in various templates and admin paths. The GLSA notes remote script injection and the need to upgrade to the 0.8.8+ series as remediation; affected vectors include template name and numerous PHP/graph-related compo...

4.3CVSS5.2AI score0.01801EPSS
Exploits1References14Affected Software1
cvelist
cvelist
added 2009/11/27 7:0 p.m.38 views

CVE-2009-4032

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 graph.php, 2 include/topgraphheader.php, 3 lib/htmlform.php, and 4 lib/timespansettings.php, as demonstrated by the a graphend or b graphstart...

5.4AI score0.05739EPSS
Exploits6References24
debiancve
debiancve
added 2008/02/14 10:0 p.m.42 views

CVE-2008-0785

Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the 1 graphlist parameter to graphview.php, 2 leafid and id parameters to tree.php, 3 localgraphid parameter to graphxport.php, and 4...

7.5CVSS8.1AI score0.03435EPSS
Exploits1
exploitpack
exploitpack
added 2005/06/22 12:0 a.m.12 views

Cacti 0.8.6d - Remote Command Execution

Cacti 0.8.6d - Remote Command Execution Note: This exploit contains backdoor shell code that is not located on this server. /str0ke !/usr/bin/perl Remote Command Execution Exploit for Cacti http://www.example.com/cacti/graphimage.php?localgraphid=validvalue&graphstart=%0acommand%0a Patch: downloa...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2005/01/15 12:0 a.m.16 views

Cacti 0.8.6-d - graph_view.php Command Injection (Metasploit)

Cacti 0.8.6-d - graphview.php Command Injection Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.8AI score
Exploits0
exploitdb
exploitdb
added 2005/01/15 12:0 a.m.39 views

Cacti 0.8.6-d - 'graph_view.php' Command Injection (Metasploit)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Cacti...

7.4AI score
Exploits0
Rows per page
Query Builder