rpm package
opensuse/cacti&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/cacti&distro=openSUSE%20Tumbleweed
Vulnerabilities (87)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-2708 | — | | | < 0.8.8h-1.2 | 0.8.8h-1.2 | Apr 10, 2014 | Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph |
| CVE-2014-2326 | — | | | < 0.8.8h-1.2 | 0.8.8h-1.2 | Mar 27, 2014 | Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-5589 | — | | | < 0.8.8h-1.2 | 0.8.8h-1.2 | Aug 29, 2013 | SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2013-5588 | — | | | < 0.8.8h-1.2 | 0.8.8h-1.2 | Aug 29, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php. |
| CVE-2009-4112 | — | | | < 1.2.18-1.2 | 1.2.18-1.2 | Nov 30, 2009 | Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands. |
| CVE-2007-3112 | — | | | < 1.2.18-1.2 | 1.2.18-1.2 | Jun 7, 2007 | graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113. |
| CVE-2006-6799 | — | | | < 1.2.18-1.2 | 1.2.18-1.2 | Dec 28, 2006 | SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the |
Page 5 of 5