Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

cacti cacti 0.8.3a vulnerabilities and exploits

(subscribe to this query)
9
CVSSv2
CVE-2009-4112
Cacti 0.8.7e and previous versions allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
Cacti Cacti 0.8.6fCacti Cacti 0.8.6cCacti Cacti 0.8.2Cacti Cacti 0.8.1Cacti Cacti 0.8.5aCacti Cacti 0.8.5Cacti Cacti 0.8Cacti Cacti 0.6.7Cacti Cacti 0.8.4Cacti Cacti 0.8.3aCacti Cacti 0.8.7aCacti CactiCacti Cacti 0.8.7Cacti Cacti 0.8.6iCacti Cacti 0.8.3Cacti Cacti 0.8.2a
4.3
CVSSv2
CVE-2008-0783
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 prior to 0.8.7b and 0.8.6 prior to 0.8.6k allow remote malicious users to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the actio...
Cacti Cacti 0.8Cacti Cacti 0.8.1Cacti Cacti 0.8.5aCacti Cacti 0.8.6cCacti Cacti 0.6.7Cacti Cacti 0.8.4Cacti Cacti 0.8.5Cacti Cacti 0.8.7aCacti Cacti 0.8.2Cacti Cacti 0.8.2aCacti Cacti 0.8.6fCacti Cacti 0.8.6iCacti Cacti 0.8.3Cacti Cacti 0.8.3aCacti Cacti 0.8.6jCacti Cacti 0.8.7
5
CVSSv2
CVE-2008-0784
graph.php in Cacti 0.8.7 prior to 0.8.7b and 0.8.6 prior to 0.8.6k allows remote malicious users to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.
Cacti Cacti 0.8.2Cacti Cacti 0.8.2aCacti Cacti 0.8.6fCacti Cacti 0.8.6iCacti Cacti 0.6.7Cacti Cacti 0.8Cacti Cacti 0.8.1Cacti Cacti 0.8.5aCacti Cacti 0.8.6cCacti Cacti 0.8.4Cacti Cacti 0.8.5Cacti Cacti 0.8.7aCacti Cacti 0.8.3Cacti Cacti 0.8.3aCacti Cacti 0.8.6jCacti Cacti 0.8.7
7.5
CVSSv2
CVE-2008-0785
Multiple SQL injection vulnerabilities in Cacti 0.8.7 prior to 0.8.7b and 0.8.6 prior to 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id par...
Cacti Cacti 0.8.1Cacti Cacti 0.8.2Cacti Cacti 0.8.6fCacti Cacti 0.8.6iCacti Cacti 0.6.7Cacti Cacti 0.8Cacti Cacti 0.8.5aCacti Cacti 0.8.6cCacti Cacti 0.8.3aCacti Cacti 0.8.4Cacti Cacti 0.8.5Cacti Cacti 0.8.7aCacti Cacti 0.8.2aCacti Cacti 0.8.3Cacti Cacti 0.8.6jCacti Cacti 0.8.7
4.3
CVSSv2
CVE-2008-0786
CRLF injection vulnerability in Cacti 0.8.7 prior to 0.8.7b and 0.8.6 prior to 0.8.6k, when running on older PHP interpreters, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Cacti Cacti 0.8.1Cacti Cacti 0.8.2Cacti Cacti 0.8.6cCacti Cacti 0.8.6fCacti Cacti 0.6.7Cacti Cacti 0.8Cacti Cacti 0.8.5Cacti Cacti 0.8.5aCacti Cacti 0.8.3aCacti Cacti 0.8.4Cacti Cacti 0.8.7Cacti Cacti 0.8.7aCacti Cacti 0.8.2aCacti Cacti 0.8.3Cacti Cacti 0.8.6iCacti Cacti 0.8.6j
10
CVSSv2
CVE-2005-2149
config.php in Cacti 0.8.6e and previous versions allows remote malicious users to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
The Cacti Group Cacti 0.8.2The Cacti Group Cacti 0.8.2aThe Cacti Group Cacti 0.8.6aThe Cacti Group Cacti 0.8.6bThe Cacti Group Cacti 0.8.4The Cacti Group Cacti 0.8.5The Cacti Group Cacti 0.8.6eThe Cacti Group Cacti 0.8.3The Cacti Group Cacti 0.8.3aThe Cacti Group Cacti 0.8.6cThe Cacti Group Cacti 0.8.6dThe Cacti Group Cacti 0.8The Cacti Group Cacti 0.8.1The Cacti Group Cacti 0.8.5aThe Cacti Group Cacti 0.8.6
7.5
CVSSv2
CVE-2005-2148
Cacti 0.8.6e and previous versions does not perform proper input validation to protect against common attacks, which allows remote malicious users to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in ...
The Cacti Group Cacti 0.8.2aThe Cacti Group Cacti 0.8.3The Cacti Group Cacti 0.8.1The Cacti Group Cacti 0.8.2The Cacti Group Cacti 0.8.6The Cacti Group Cacti 0.8.6aThe Cacti Group Cacti 0.8.3aThe Cacti Group Cacti 0.8.4The Cacti Group Cacti 0.8.6eThe Cacti Group Cacti 0.8.6bThe Cacti Group Cacti 0.8.6cThe Cacti Group Cacti 0.8.6dThe Cacti Group Cacti 0.8The Cacti Group Cacti 0.8.5The Cacti Group Cacti 0.8.5a
7.5
CVSSv2
CVE-2013-1435
(1) snmp.php and (2) rrd.php in Cacti prior to 0.8.8b allows remote malicious users to execute arbitrary commands via shell metacharacters in unspecified vectors.
Cacti Cacti 0.8Cacti Cacti 0.8.1Cacti Cacti 0.8.6Cacti Cacti 0.8.6aCacti Cacti 0.8.6hCacti Cacti 0.8.6iCacti Cacti 0.8.7dCacti Cacti 0.8.7eCacti Cacti 0.8.7fCacti Cacti 0.8.2Cacti Cacti 0.8.2aCacti Cacti 0.8.3Cacti Cacti 0.8.6bCacti Cacti 0.8.6cCacti Cacti 0.8.6jCacti Cacti 0.8.6kCacti Cacti 0.8.7gCacti Cacti 0.8.7hCacti Cacti 0.8.3aCacti Cacti 0.8.4Cacti Cacti 0.8.6dCacti Cacti 0.8.6e
7.5
CVSSv2
CVE-2010-1431
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and previous versions allows remote malicious users to execute arbitrary SQL commands via the export_item_id parameter.
Cacti Cacti 0.8.5aCacti Cacti 0.8.5Cacti Cacti 0.8.7Cacti CactiCacti Cacti 0.8.6dCacti Cacti 0.8.6bCacti Cacti 0.6.3Cacti Cacti 0.6.2Cacti Cacti 0.6.7Cacti Cacti 0.8Cacti Cacti 0.8.4Cacti Cacti 0.8.3aCacti Cacti 0.8.6hCacti Cacti 0.8.6gCacti Cacti 0.6.5Cacti Cacti 0.6.4Cacti Cacti 0.8.6jCacti Cacti 0.8.7aCacti Cacti 0.8.6fCacti Cacti 0.8.6cCacti Cacti 0.8.7dCacti Cacti 0.8.7c
6.5
CVSSv2
CVE-2010-1645
Cacti prior to 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph T...
Cacti Cacti 0.6.1Cacti Cacti 0.6Cacti Cacti 0.6.6Cacti Cacti 0.6.5Cacti Cacti 0.6.2Cacti Cacti 0.8.7Cacti Cacti 0.8.6gCacti Cacti 0.8.6Cacti Cacti 0.8.7aCacti Cacti 0.6.8aCacti Cacti 0.8.2Cacti Cacti 0.6.7Cacti Cacti 0.8.5Cacti Cacti 0.8.6bCacti Cacti 0.8.2aCacti Cacti 0.8.7bCacti Cacti 0.8.6cCacti Cacti 0.8.3aCacti Cacti 0.8.7dCacti Cacti 0.6.8Cacti Cacti 0.8.6iCacti Cacti 0.6.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook