Filtered by vendor Cacti
Subscriptions
Total
121 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-4634 | 1 Cacti | 1 Cacti | 2024-08-06 | N/A |
SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. | ||||
CVE-2015-4454 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-08-06 | N/A |
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. | ||||
CVE-2015-4342 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-08-06 | N/A |
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. | ||||
CVE-2015-2967 | 1 Cacti | 1 Cacti | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2015-2665 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2015-0916 | 1 Cacti | 1 Cacti | 2024-08-06 | N/A |
SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. | ||||
CVE-2016-10700 | 1 Cacti | 1 Cacti | 2024-08-06 | N/A |
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313. | ||||
CVE-2016-3659 | 1 Cacti | 1 Cacti | 2024-08-06 | N/A |
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. | ||||
CVE-2016-3172 | 1 Cacti | 1 Cacti | 2024-08-05 | N/A |
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. | ||||
CVE-2016-2313 | 2 Cacti, Opensuse | 3 Cacti, Leap, Opensuse | 2024-08-05 | N/A |
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. | ||||
CVE-2017-1000032 | 1 Cacti | 1 Cacti | 2024-08-05 | N/A |
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. | ||||
CVE-2017-1000031 | 1 Cacti | 1 Cacti | 2024-08-05 | N/A |
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | ||||
CVE-2017-16785 | 1 Cacti | 1 Cacti | 2024-08-05 | N/A |
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. | ||||
CVE-2017-15194 | 1 Cacti | 1 Cacti | 2024-08-05 | N/A |
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. | ||||
CVE-2017-12978 | 1 Cacti | 1 Cacti | 2024-08-05 | N/A |
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. | ||||
CVE-2017-12927 | 1 Cacti | 1 Cacti | 2024-08-05 | N/A |
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. | ||||
CVE-2017-12065 | 1 Cacti | 1 Cacti | 2024-08-05 | N/A |
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. | ||||
CVE-2017-12066 | 1 Cacti | 1 Cacti | 2024-08-05 | N/A |
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163. | ||||
CVE-2017-11691 | 1 Cacti | 1 Cacti | 2024-08-05 | N/A |
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | ||||
CVE-2017-11163 | 1 Cacti | 1 Cacti | 2024-08-05 | N/A |
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. |