VYPR

rpm package

opensuse/cacti&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/cacti&distro=openSUSE%20Tumbleweed

Vulnerabilities (87)

  • CVE-2017-12978 | Med | Aug 21, 2017
    affected < 1.2.18-1.2 | fixed 1.2.18-1.2

    lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.

  • CVE-2017-12927 | Med | Aug 18, 2017
    affected < 1.2.18-1.2 | fixed 1.2.18-1.2

    A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.

  • CVE-2017-12065 | Cri | Aug 1, 2017
    affected < 1.2.18-1.2 | fixed 1.2.18-1.2

    spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.

  • CVE-2017-11691 | Med | Jul 27, 2017
    affected < 1.2.18-1.2 | fixed 1.2.18-1.2

    Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.

  • CVE-2017-11163 | Med | Jul 10, 2017
    affected < 1.2.18-1.2 | fixed 1.2.18-1.2

    Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.

  • CVE-2017-10970 | Med | Jul 6, 2017
    affected < 1.2.18-1.2 | fixed 1.2.18-1.2

    Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.

  • CVE-2016-2313 | Hig | Apr 13, 2016
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.

  • CVE-2016-3172 | Hig | Apr 12, 2016
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.

  • CVE-2015-8604 | Hig | Apr 11, 2016
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.

  • CVE-2016-3659 | Hig | Apr 11, 2016
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.

  • CVE-2015-8369 | Dec 17, 2015
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.

  • CVE-2015-8377 | Dec 15, 2015
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.

  • CVE-2015-4634 | Aug 11, 2015
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.

  • CVE-2015-4342 | Jun 17, 2015
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.

  • CVE-2014-5026 | Oct 20, 2014
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templa

  • CVE-2014-5025 | Oct 20, 2014
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.

  • CVE-2014-4002 | Jul 3, 2014
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templa

  • CVE-2014-2709 | Apr 23, 2014
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.

  • CVE-2014-2328 | Apr 23, 2014
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

  • CVE-2014-2327 | Apr 23, 2014
    affected < 0.8.8h-1.2 | fixed 0.8.8h-1.2

    Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary u
