USN-7226-1: Cacti vulnerability
It was discovered that Cacti did not properly sanitize the 'poller_id' parameter in the "remote_agent.php" file. A remote attacker could possibly use this issue to achieve remote code execution...
Siemens Spectrum Power 7 Local Elevation of Privilege Vulnerability
Spectrum Power 7 provides the essential components of SCADA, communications and data modeling for control and monitoring systems. Application suites can be added to optimize network and generation management in all areas of energy management. A local elevation of privilege vulnerability exists in...
Solar monitoring systems exposed: Secure your devices
Researchers who go looking for devices exposed to the Internet report "tens of thousands" of solar photovoltaic (PV) monitoring and diagnostic systems can be found on the web. The systems are used for everything from system optimization to performance monitoring and troubleshooting. No fewer than...
Debian: Security Advisory (DLA-255-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Siemens Spectrum Power 4 Cross-Site Scripting Vulnerability
Spectrum Power provides essential components for SCADA, communications and data modeling for control and monitoring systems. Siemens Spectrum Power 4 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to conduct an attack if an unsuspecting user is tricked into...
Want to stay ahead of emerging threats? Here’s how.
Are you working with good information? A key question security organizations might ask themselves with regard to emerging — or imminent — threats: Are the systems we have logging the correct information? They may need that information to hunt threats or to reconstruct what an attacker did while...
Industrial Gear at Risk from Fuji Code-Execution Bugs
Industrial control software (ICS) from Fuji Electric is vulnerable to several high-severity arbitrary code-execution security bugs, according to a federal warning. Authorities are warning the flaws could allow physical attacks on factory and critical-infrastructure equipment. Fuji Electric’s Tellus...
IoT security: how Microsoft protects Azure Datacenters
Azure Sphere first entered the IoT Security market in 2018 with a clear mission—to empower every organization on the planet to connect and create secure and trustworthy IoT devices. Security is the foundation for durable innovation and business resilience. Every industry investing in IoT must...
Debian DLA-2069-1 : cacti security update
It was discovered that there were a number of cross-site scripting vulnerabilities in cacti, a web interface for monitoring systems. For Debian 8 'Jessie', this issue has been fixed in cacti version 0.8.8b+dfsg-8+deb8u9. We recommend that you upgrade your cacti packages. NOTE: Tenable Network...
Debian Security Advisory DSA 3494-1 (cacti - security update)
Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database. OpenVAS Vulnerability Test $Id:...
Debian: Security Advisory (DSA-3494-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-3494-1 : cacti - security update
Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database. (C) Tenable Network...
Debian DLA-386-1 : cacti security update
It was discovered that there was another SQL injection vulnerability in cacti, a web interface for graphing monitoring systems. For Debian 6 Squeeze, this issue has been fixed in cacti version 0.8.7g-1+squeeze9+deb6u14. NOTE: Tenable Network Security has extracted the preceding description block...
DLA-374-3 cacti - regression update
Bulletin has no description...
DLA-374-2 cacti - regression update
Bulletin has no description...
Debian DSA-3312-1 : cacti - security update
Multiple SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3312. The text itself i...
DSA-3312-1 cacti - security update
Bulletin has no description...
Debian DLA-255-1 : cacti security update
Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. We recommend that you upgrade your cacti packages. CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers ...
[SECURITY] [DLA 255-1] cacti security update
Package : cacti Version : 0.8.7g-1+squeeze6 CVE ID : CVE-2015-2665 CVE-2015-4342 CVE-2015-4454 Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. We recommend that you upgrade your cacti packages...
DLA-255-1 cacti - security update
Bulletin has no description...