Total
115 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000032 | 1 Cacti | 1 Cacti | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. | |||||
| CVE-2017-1000031 | 1 Cacti | 1 Cacti | 2017-07-19 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | |||||
| CVE-2017-10970 | 1 Cacti | 1 Cacti | 2017-07-17 | 4.3 MEDIUM | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. | |||||
| CVE-2015-2967 | 1 Cacti | 1 Cacti | 2016-12-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-1434 | 1 Cacti | 1 Cacti | 2016-12-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-8377 | 1 Cacti | 1 Cacti | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. | |||||
| CVE-2015-8369 | 1 Cacti | 1 Cacti | 2016-12-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | |||||
| CVE-2015-8604 | 1 Cacti | 1 Cacti | 2016-12-03 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. | |||||
| CVE-2016-3659 | 1 Cacti | 1 Cacti | 2016-12-01 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. | |||||
| CVE-2016-3172 | 1 Cacti | 1 Cacti | 2016-12-01 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. | |||||
| CVE-2015-0916 | 1 Cacti | 1 Cacti | 2015-05-22 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. | |||||
| CVE-2013-1435 | 1 Cacti | 1 Cacti | 2013-08-30 | 7.5 HIGH | N/A |
| (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2010-2092 | 1 Cacti | 1 Cacti | 2012-02-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query. | |||||
| CVE-2010-1645 | 1 Cacti | 1 Cacti | 2012-02-16 | 6.5 MEDIUM | N/A |
| Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template. | |||||
| CVE-2010-1431 | 1 Cacti | 1 Cacti | 2012-02-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter. | |||||