Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

cacti cacti 0.8.7g vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2
CVE-2021-26247
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
Cacti Cacti 0.8.7g
7.5
CVSSv2
CVE-2014-5261
The graph settings script (graph_settings.php) in Cacti 0.8.8b and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.
Cacti Cacti 0.8.7fCacti Cacti 0.8.7eCacti Cacti 0.8.7iCacti Cacti 0.8.7gCacti Cacti 0.8.7Cacti Cacti 0.8.6eCacti CactiCacti Cacti 0.8.7dCacti Cacti 0.8.7cCacti Cacti 0.8.8aCacti Cacti 0.8.8Cacti Cacti 0.8.7bCacti Cacti 0.8.7a
7.5
CVSSv2
CVE-2014-5262
SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and previous versions allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Cacti CactiCacti Cacti 0.8.7dCacti Cacti 0.8.7cCacti Cacti 0.8.7bCacti Cacti 0.8.7fCacti Cacti 0.8.7eCacti Cacti 0.8.8aCacti Cacti 0.8.8Cacti Cacti 0.8.7aCacti Cacti 0.8.7Cacti Cacti 0.8.7iCacti Cacti 0.8.7gCacti Cacti 0.8.6e
7.5
CVSSv2
CVE-2013-1434
Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti prior to 0.8.8b allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Cacti Cacti 0.8.7bCacti Cacti 0.8.7dCacti Cacti 0.8.7eCacti Cacti 0.8.6dCacti Cacti 0.8.6fCacti Cacti 0.8.5aCacti CactiCacti Cacti 0.8.7iCacti Cacti 0.8.6Cacti Cacti 0.8.6aCacti Cacti 0.8.6iCacti Cacti 0.8.6jCacti Cacti 0.8.7Cacti Cacti 0.8.7aCacti Cacti 0.8.6bCacti Cacti 0.8.6cCacti Cacti 0.8.6kCacti Cacti 0.8.5Cacti Cacti 0.8.8Cacti Cacti 0.8.7gCacti Cacti 0.8.6eCacti Cacti 0.8.6g
7.5
CVSSv2
CVE-2013-1435
(1) snmp.php and (2) rrd.php in Cacti prior to 0.8.8b allows remote malicious users to execute arbitrary commands via shell metacharacters in unspecified vectors.
Cacti Cacti 0.8Cacti Cacti 0.8.1Cacti Cacti 0.8.6Cacti Cacti 0.8.6aCacti Cacti 0.8.6hCacti Cacti 0.8.6iCacti Cacti 0.8.7dCacti Cacti 0.8.7eCacti Cacti 0.8.7fCacti Cacti 0.8.2Cacti Cacti 0.8.2aCacti Cacti 0.8.3Cacti Cacti 0.8.6bCacti Cacti 0.8.6cCacti Cacti 0.8.6jCacti Cacti 0.8.6kCacti Cacti 0.8.7gCacti Cacti 0.8.7hCacti Cacti 0.8.3aCacti Cacti 0.8.4Cacti Cacti 0.8.6dCacti Cacti 0.8.6e
4.3
CVSSv2
CVE-2013-5588
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.
Cacti Cacti 0.8.8Cacti Cacti 0.8Cacti Cacti 0.8.1Cacti Cacti 0.8.2Cacti Cacti 0.8.6gCacti Cacti 0.8.6hCacti Cacti 0.8.6iCacti Cacti 0.8.6jCacti Cacti 0.8.5aCacti Cacti 0.8.6Cacti Cacti 0.8.6aCacti Cacti 0.8.6bCacti Cacti 0.8.7cCacti Cacti 0.8.7dCacti Cacti 0.8.7eCacti Cacti 0.8.7fCacti Cacti 0.8.7gCacti CactiCacti Cacti 0.8.2aCacti Cacti 0.8.3aCacti Cacti 0.8.5Cacti Cacti 0.8.6c
7.5
CVSSv2
CVE-2013-5589
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Debian Debian Linux 7.0Cacti Cacti 0.8.3Cacti Cacti 0.8.3aCacti Cacti 0.8.6cCacti Cacti 0.8.6dCacti Cacti 0.8.7Cacti Cacti 0.8.7aCacti Cacti 0.8.7hCacti Cacti 0.8.7iCacti Cacti 0.8Cacti Cacti 0.8.1Cacti Cacti 0.8.5aCacti Cacti 0.8.6Cacti Cacti 0.8.6gCacti Cacti 0.8.6hCacti Cacti 0.8.7dCacti Cacti 0.8.7eCacti Cacti 0.8.2Cacti Cacti 0.8.2aCacti Cacti 0.8.6aCacti Cacti 0.8.6bCacti Cacti 0.8.6i
4.3
CVSSv2
CVE-2011-5223
Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti prior to 0.8.7i allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Cacti Cacti 0.8.7dCacti Cacti 0.8.7cCacti Cacti 0.8.6gCacti Cacti 0.8.6cCacti Cacti 0.8.5Cacti Cacti 0.8.4Cacti Cacti 0.6.8Cacti Cacti 0.6.7Cacti Cacti 0.6.6Cacti Cacti 0.5Cacti Cacti 0.8.7bCacti Cacti 0.8.7aCacti Cacti 0.8.7Cacti Cacti 0.8.6hCacti Cacti 0.8.6kCacti Cacti 0.8.3Cacti Cacti 0.8.3aCacti Cacti 0.6.5Cacti Cacti 0.6.4Cacti CactiCacti Cacti 0.8.7gCacti Cacti 0.8.6a
4.3
CVSSv2
CVE-2014-2326
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Fedoraproject Fedora 19Fedoraproject Fedora 20Opensuse Opensuse 13.2Opensuse Opensuse 13.1Cacti Cacti 0.8.7gDebian Debian Linux 7.0
4.3
CVSSv2
CVE-2010-2544
Cross-site scripting (XSS) vulnerability in utilities.php in Cacti prior to 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote malicious users to inject arbitrary web script or HTML via the filter parameter.
Cacti Cacti 0.5Cacti Cacti 0.8.6kCacti Cacti 0.8.6dCacti Cacti 0.6.3Cacti CactiCacti Cacti 0.8.7Cacti Cacti 0.8.5aCacti Cacti 0.8.3Cacti Cacti 0.6.8Cacti Cacti 0.8.2Cacti Cacti 0.8.5Cacti Cacti 0.6.6Cacti Cacti 0.8.7dCacti Cacti 0.8.7bCacti Cacti 0.8.7aCacti Cacti 0.6.2Cacti Cacti 0.6.5Cacti Cacti 0.8.6fCacti Cacti 0.8.6gCacti Cacti 0.8.6jCacti Cacti 0.8.7cCacti Cacti 0.6.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook