20 matches found
CVE-2018-17843
SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0...
SUSE CVE-2016-3172
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...
WordPress Canto plugin 代码问题漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A server-side request forgery vulnerability exists in WordPress Canto plugin 1.3.0. An attacker can...
CVE-2018-17843
SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0...
CVE-2018-17843
CVE-2018-17843 describes a SQL injection in multiple MLM software packages (ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Re...
Cross site scripting
A cross-site scripting XSS vulnerability exists in host.php via tree.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices...
UBUNTU-CVE-2018-20726
A cross-site scripting XSS vulnerability exists in host.php via tree.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices...
CVE-2017-1000032
Cross-Site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parentid parameter to tree.php and drpaction parameter to datasources.php...
CVE-2017-1000032
Cross-Site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parentid parameter to tree.php and drpaction parameter to datasources.php...
CVE-2017-1000032
CVE-2017-1000032 : XSS in Cacti 0.8.8b allows remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and the drp_action parameter to data_sources.php. The connected notices (SU̲SE, NVD, CNVD, OSV, etc.) consistently describe the vulnerability in Cacti 0.8.8...
Cacti SQL Injection Vulnerability (CNVD-2016-02215)
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti Group. A SQL injection vulnerability exists in the tree.php file in Cacti 0.8.8g and earlier versions, which can be exploited by remote attackers to execute arbitrary SQL commands with the help of the...
DEBIAN-CVE-2016-3172
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...
CVE-2016-3172
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...
ALPINE-CVE-2016-3172
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...
CVE-2016-3172
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...
Cacti <= 0.8.7 tree.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP response-splitting...
CVE-2010-2545
Cacti before 0.8.7g contains multiple XSS vulnerabilities (including CVE-2010-2545) in various templates and admin paths. The GLSA notes remote script injection and the need to upgrade to the 0.8.8+ series as remediation; affected vectors include template name and numerous PHP/graph-related compo...
CVE-2008-0785
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the 1 graphlist parameter to graphview.php, 2 leafid and id parameters to tree.php, 3 localgraphid parameter to graphxport.php, and 4...
CVE-2006-3346
SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grpid parameter...
CVE-2006-3346
The CVE-2006-3346 entry concerns a SQL injection in tree.php on MyNewsGroups 0.6, exploitable via the grp_id parameter to remotely execute arbitrary SQL. The provided documents identify the affected product and the vulnerable parameter but do not specify the root cause details beyond generic SQL ...