Filtered by vendor Cacti
Total: 116 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2008-0784 | 1 Cacti | 1 Cacti | 2018-10-15 | N/A | graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors. |
CVE-2008-0783 | 1 Cacti | 1 Cacti | 2018-10-15 | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php. |
CVE-2016-10700 | 1 Cacti | 1 Cacti | 2017-12-11 | N/A | auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313. |
CVE-2014-4000 | 1 Cacti | 1 Cacti | 2017-11-29 | N/A | Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). |
CVE-2017-16785 | 1 Cacti | 1 Cacti | 2017-11-27 | N/A | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. |
CVE-2015-4342 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2017-11-08 | N/A | SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. |
CVE-2015-4454 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2017-11-04 | N/A | SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. |
CVE-2015-2665 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2017-11-04 | N/A | Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CVE-2017-15194 | 1 Cacti | 1 Cacti | 2017-10-20 | N/A | include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. |
CVE-2015-4634 | 1 Cacti | 1 Cacti | 2017-09-22 | N/A | SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. |
CVE-2014-5262 | 1 Cacti | 1 Cacti | 2017-09-08 | N/A | SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
CVE-2014-5261 | 1 Cacti | 1 Cacti | 2017-09-08 | N/A | The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php. |
CVE-2014-2708 | 1 Cacti | 1 Cacti | 2017-08-29 | N/A | Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter. |
CVE-2011-5223 | 1 Cacti | 1 Cacti | 2017-08-29 | N/A | Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
CVE-2011-4824 | 1 Cacti | 1 Cacti | 2017-08-29 | N/A | SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter. |
CVE-2017-12978 | 1 Cacti | 1 Cacti | 2017-08-27 | N/A | lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. |
CVE-2017-12927 | 1 Cacti | 1 Cacti | 2017-08-27 | N/A | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. |
CVE-2017-11691 | 1 Cacti | 1 Cacti | 2017-08-04 | N/A | Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. |
CVE-2017-12066 | 1 Cacti | 1 Cacti | 2017-08-02 | N/A | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163. |
CVE-2007-6035 | 1 Cacti | 1 Cacti | 2017-07-29 | N/A | SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. |