Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in form_save() function in graph_template_inputs.php is not thoroughly checked and is used to concatenate the SQL statement in draw_nontemplated_fields_graph_item() function...
CVSS 4.6 | AI Score 8 | EPSS 0.0004
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in automation_get_new_graphs_sql function of api_automation.php allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation...
CVSS 8.8 | AI Score 8.8 | EPSS 0.0004
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules_form_save() function in automation_tree_rules.php is not thoroughly checked and is used to concatenate the HTML statement in form_confirm() function...
CVSS 4.6 | AI Score 6.5 | EPSS 0.0004
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in form_save() function in data_queries.php is not thoroughly checked and is used to concatenate the HTML statement in grow_right_pane_tree() function from lib/html.php, finally...
CVSS 5.7 | AI Score 6.5 | EPSS 0.0004
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when register_argc_argv option of PHP is On. In cmd_realtime.php line 119, the $poller_id...
CVSS 10 | AI Score 8.6 | EPSS 0.001
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. raise_message_javascript from lib/functions.php now uses purify.js to fix CVE-2023-50250...
CVSS 6.1 | AI Score 6.7 | EPSS 0.001
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular...
CVSS 7.6 | AI Score 6.4 | EPSS 0.0004
Cloud Software Group Security Advisory for CVE-2024-3661
Cloud Software Group has evaluated the impact of vulnerability CVE-2024-3661 on our products. This vulnerability may allow an attacker on the same local network as the victim to read, disrupt, or modify network traffic expected to be protected by the VPN. Please find below the impact status: ...
CVSS 7.6 | AI Score 6.7 | EPSS 0.0005
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data...
Jira Netic Group Export <1.0.3 - Missing Authorization
Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a...
CVSS 5.3 | AI Score 5.5 | EPSS 0.195
Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section
Description: The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a...
AI Score 6.8
Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR
Description: The plugin allows any authenticated user to join a private group due to a missing authorization check on a...
AI Score 6.5
Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in...
CVSS 6.1 | AI Score 6.4 | EPSS 0.001
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...
CVSS 8.8 | AI Score 9 | EPSS 0.001
Zendframework1 Potential SQL injection in ORDER and GROUP functions
The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to...
AI Score 8.1
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file ‘managers.php’. An authenticated attacker with the “Settings/Utilities” permission can send a crafted...
CVSS 8.8 | AI Score 8.6 | EPSS 0.001
Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in templates_import.php...
CVSS 6.1 | AI Score 5.6 | EPSS 0.001
Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the pollers.php script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the pollers.php. Impact of...
CVSS 8.8 | AI Score 8.9 | EPSS 0.001
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for...
CVSS 5.4 | AI Score 5.7 | EPSS 0.001
Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Mattermost allows demoted guests to change group names in...
CVSS 4.3 | AI Score 6.6 | EPSS 0.0004
Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
Description: The theme does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack. PoC: The PoC will be displayed on June 26, 2024, to give users the time to...
AI Score 6.4
Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised...
CVSS 6.3 | AI Score 6.2 | EPSS 0.001
Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section
Description: The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group. PoC: The PoC will be displayed on June 26, 2024, to give users...
AI Score 6.5
Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR
Description: The plugin allows any authenticated user to join a private group due to a missing authorization check on a function. PoC: The PoC will be displayed on June 26, 2024, to give users the time to...
AI Score 6.3
Impact: A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a...
AI Score 6.8
PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is...
AI Score 7.6 | EPSS 0.068
In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVSS 5.5 | AI Score 6.1 | EPSS 0.0004
Enumerate Local Group Memberships
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their...
AI Score 2.2
Cacti < 1.2.10 RCE Vulnerability - Windows
Cacti is prone to an authenticated remote code execution (RCE) ...
CVSS 8.8 | AI Score 9 | EPSS 0.921
Cacti < 1.2.10 RCE Vulnerability - Linux
Cacti is prone to an authenticated remote code execution (RCE) ...
CVSS 8.8 | AI Score 9 | EPSS 0.921
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
Impact: What kind of vulnerability is it? Who is impacted? A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/<uuid>/) and/or the members REST API view...
CVSS 6.3 | AI Score 7 | EPSS 0.0004
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
Impact: What kind of vulnerability is it? Who is impacted? A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/<uuid>/) and/or the members REST API view...
CVSS 6.3 | AI Score 6.5 | EPSS 0.0004
Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL in the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. ...
AI Score 7.5 | EPSS 0.695
Fedora 39 : cacti / cacti-spine (2024-27a594f71d)
The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-27a594f71d advisory. Update cacti and cacti-spine to version 1.2.27. This includes the upstream fixes for many CVEs, including a critical remote code execution bug. ...
CVSS 9.1 | AI Score 8.2 | EPSS 0.002
Group signature validation bypass in github.com/supranational/blst
When complemented with a check for infinity, blst skips performing a signature group-check. Formally speaking, infinity is the identity element of the elliptic curve group and as such it is a member of the group, so the group-check should be performed. The fix performs the check even in the...
AI Score 7.1
Active Directory - Enumerate Group Memberships
Queries Active Directory for a list of Groups and their...
AI Score 2.7
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in...
AI Score 6.9
LDAP Active Directory - Group Enumeration
By using the search base gathered by plugin ID 25701 and the supplied credentials, Nessus was able to enumerate group identity data from Active Directory. Note: The Active Directory Identity scan template and associated plugins are intended to be used with smaller AD deployments for purposes of...
AI Score 7.3
Cacti < 0.8.8d Multiple Vulnerabilities
According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.8d. It is, therefore, potentially affected by multiple vulnerabilities : A stored cross-site scripting vulnerability exists due to improper validation of...
AI Score 8.6 | EPSS 0.006
Cacti < 0.8.8c Multiple Vulnerabilities
According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.8c. It is, therefore, potentially affected by the following vulnerabilities : Multiple XSS vulnerabilities exist in the 'step' parameter to 'install/index.php' and...
AI Score 9.3 | EPSS 0.012
Cacti < 0.8.6e Multiple Vulnerabilities
According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.6e. It is, therefore, potentially affected by the following vulnerabilities : A PHP file inclusion vulnerability exists in 'top_graph_header.php' that allows remote...
AI Score 8.1 | EPSS 0.05
Cacti < 0.8.6f Multiple Vulnerabilities
According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.6f. It is, therefore, potentially affected by the following vulnerabilities : Multiple vulnerabilities exist due to improper input validation in 'graph_image.php' and...
AI Score 7.3 | EPSS 0.03
Cacti 'Linux - Get Memory Usage' RCE Vulnerability
Cacti is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied...
AI Score 8.6 | EPSS 0.058
Impact: This vulnerability only affects customers using group based authentication in Rancher versions up to and including 2.4.17, 2.5.11 and 2.6.2. When removing a Project Role associated to a group from a project, the bindings that grant access to cluster scoped resources for those subjects do...
CVSS 8.8 | AI Score 6.8 | EPSS 0.001