19 matches found
EUVD-2005-0464
Malware in sbrugna...
Cross site scripting
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) vulnerability which allows an authenticated user to poison data. The vulnerability is found in graphs_new.php. Several validations are performed, but the...
Cross site scripting
A cross-site scripting (XSS) vulnerability exists in host.php via tree.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices...
CVE-2018-20726
A cross-site scripting (XSS) vulnerability exists in host.php via tree.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices...
UBUNTU-CVE-2018-20726
A cross-site scripting (XSS) vulnerability exists in host.php via tree.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices...
CVE-2018-20726
A cross-site scripting (XSS) vulnerability exists in host.php via tree.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices...
DEBIAN-CVE-2017-16785
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php...
CVE-2017-16785
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php...
Cross site scripting
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php...
CVE-2017-16785
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php...
CVE-2017-16785
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php...
CVE-2017-16785
CVE-2017-16785 affects Cacti 1.1.27 and is a reflected XSS via PATH_INFO to host.php. Connected advisories show multiple vendors/OSes reporting the issue as part of a 1.1.28 fix set. Impact per Arch Linux advisory: for remote authenticated admins there is cross-site scripting risk; updates fix t...
CVE-2017-16785
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php...
CVE-2014-4002
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or...
CVE-2013-5589
Cacti is affected by CVE-2013-5589 (SQL injection) in host.php via the id parameter. The initial description specifies impact on Cacti 0.8.8b and earlier. Public sources indicate that vulnerable versions include pre-0.8.8g/0.8.8b and that fixes were released in newer builds (e.g., 0.8.8c and late...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id paramet...
CVE-2010-2545
Cacti before 0.8.7g contains multiple XSS vulnerabilities (including CVE-2010-2545) in various templates and admin paths. The GLSA notes remote script injection and the need to upgrade to the 0.8.8+ series as remediation; affected vectors include template name and numerous PHP/graph-related compo...
CVE-2005-0463
Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php...
CVE-2005-0463
Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php...