Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti cacti 0.8.7g vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-48547
A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and previous versions allows unauthenticated remote malicious users to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.
Cacti Cacti
6.1
CVSSv3
CVE-2021-26247
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
Cacti Cacti 0.8.7g
NA
CVE-2014-5261
The graph settings script (graph_settings.php) in Cacti 0.8.8b and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.
Cacti Cacti 0.8.7f
Cacti Cacti 0.8.7e
Cacti Cacti 0.8.7i
Cacti Cacti 0.8.7g
Cacti Cacti 0.8.7
Cacti Cacti 0.8.6e
Cacti Cacti
Cacti Cacti 0.8.7d
Cacti Cacti 0.8.7c
Cacti Cacti 0.8.8a
Cacti Cacti 0.8.8
Cacti Cacti 0.8.7b
Cacti Cacti 0.8.7a
NA
CVE-2014-5262
SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and previous versions allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Cacti Cacti
Cacti Cacti 0.8.7d
Cacti Cacti 0.8.7c
Cacti Cacti 0.8.7b
Cacti Cacti 0.8.7f
Cacti Cacti 0.8.7e
Cacti Cacti 0.8.8a
Cacti Cacti 0.8.8
Cacti Cacti 0.8.7a
Cacti Cacti 0.8.7
Cacti Cacti 0.8.7i
Cacti Cacti 0.8.7g
Cacti Cacti 0.8.6e
NA
CVE-2014-2709
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in unspecified parameters.
Cacti Cacti
Debian Debian Linux 7.0
Debian Debian Linux 8.0
NA
CVE-2014-2327
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and previous versions allows remote malicious users to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3)...
Cacti Cacti
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
NA
CVE-2014-2328
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and previous versions allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
Cacti Cacti
Fedoraproject Fedora 20
Fedoraproject Fedora 19
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Debian Debian Linux 7.0
NA
CVE-2014-2708
Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source,...
Cacti Cacti 0.8.8b
NA
CVE-2014-2326
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Fedoraproject Fedora 19
Fedoraproject Fedora 20
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Cacti Cacti 0.8.7g
Debian Debian Linux 7.0
NA
CVE-2013-5588
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.
Cacti Cacti 0.8.8
Cacti Cacti 0.8
Cacti Cacti 0.8.1
Cacti Cacti 0.8.2
Cacti Cacti 0.8.6g
Cacti Cacti 0.8.6h
Cacti Cacti 0.8.6i
Cacti Cacti 0.8.6j
Cacti Cacti 0.8.5a
Cacti Cacti 0.8.6
Cacti Cacti 0.8.6a
Cacti Cacti 0.8.6b
Cacti Cacti 0.8.7c
Cacti Cacti 0.8.7d
Cacti Cacti 0.8.7e
Cacti Cacti 0.8.7f
Cacti Cacti 0.8.7g
Cacti Cacti
Cacti Cacti 0.8.2a
Cacti Cacti 0.8.3a
Cacti Cacti 0.8.5
Cacti Cacti 0.8.6c
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »