Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

cacti cacti 0.8.8a vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2014-5262
SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and previous versions allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Cacti CactiCacti Cacti 0.8.7dCacti Cacti 0.8.7cCacti Cacti 0.8.7bCacti Cacti 0.8.7fCacti Cacti 0.8.7eCacti Cacti 0.8.8aCacti Cacti 0.8.8Cacti Cacti 0.8.7aCacti Cacti 0.8.7Cacti Cacti 0.8.7iCacti Cacti 0.8.7gCacti Cacti 0.8.6e
NA
CVE-2014-5261
The graph settings script (graph_settings.php) in Cacti 0.8.8b and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.
Cacti Cacti 0.8.7fCacti Cacti 0.8.7eCacti Cacti 0.8.7iCacti Cacti 0.8.7gCacti Cacti 0.8.7Cacti Cacti 0.8.6eCacti CactiCacti Cacti 0.8.7dCacti Cacti 0.8.7cCacti Cacti 0.8.8aCacti Cacti 0.8.8Cacti Cacti 0.8.7bCacti Cacti 0.8.7a
NA
CVE-2013-1435
(1) snmp.php and (2) rrd.php in Cacti prior to 0.8.8b allows remote malicious users to execute arbitrary commands via shell metacharacters in unspecified vectors.
Cacti Cacti 0.8Cacti Cacti 0.8.1Cacti Cacti 0.8.6Cacti Cacti 0.8.6aCacti Cacti 0.8.6hCacti Cacti 0.8.6iCacti Cacti 0.8.7dCacti Cacti 0.8.7eCacti Cacti 0.8.7fCacti Cacti 0.8.2Cacti Cacti 0.8.2aCacti Cacti 0.8.3Cacti Cacti 0.8.6bCacti Cacti 0.8.6cCacti Cacti 0.8.6jCacti Cacti 0.8.6kCacti Cacti 0.8.7gCacti Cacti 0.8.7hCacti Cacti 0.8.3aCacti Cacti 0.8.4Cacti Cacti 0.8.6dCacti Cacti 0.8.6e
NA
CVE-2013-5588
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.
Cacti Cacti 0.8.8Cacti Cacti 0.8Cacti Cacti 0.8.1Cacti Cacti 0.8.2Cacti Cacti 0.8.6gCacti Cacti 0.8.6hCacti Cacti 0.8.6iCacti Cacti 0.8.6jCacti Cacti 0.8.5aCacti Cacti 0.8.6Cacti Cacti 0.8.6aCacti Cacti 0.8.6bCacti Cacti 0.8.7cCacti Cacti 0.8.7dCacti Cacti 0.8.7eCacti Cacti 0.8.7fCacti Cacti 0.8.7gCacti CactiCacti Cacti 0.8.2aCacti Cacti 0.8.3aCacti Cacti 0.8.5Cacti Cacti 0.8.6c
NA
CVE-2013-5589
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Debian Debian Linux 7.0Cacti Cacti 0.8.3Cacti Cacti 0.8.3aCacti Cacti 0.8.6cCacti Cacti 0.8.6dCacti Cacti 0.8.7Cacti Cacti 0.8.7aCacti Cacti 0.8.7hCacti Cacti 0.8.7iCacti Cacti 0.8Cacti Cacti 0.8.1Cacti Cacti 0.8.5aCacti Cacti 0.8.6Cacti Cacti 0.8.6gCacti Cacti 0.8.6hCacti Cacti 0.8.7dCacti Cacti 0.8.7eCacti Cacti 0.8.2Cacti Cacti 0.8.2aCacti Cacti 0.8.6aCacti Cacti 0.8.6bCacti Cacti 0.8.6i
NA
CVE-2013-1434
Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti prior to 0.8.8b allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Cacti Cacti 0.8.7bCacti Cacti 0.8.7dCacti Cacti 0.8.7eCacti Cacti 0.8.6dCacti Cacti 0.8.6fCacti Cacti 0.8.5aCacti CactiCacti Cacti 0.8.7iCacti Cacti 0.8.6Cacti Cacti 0.8.6aCacti Cacti 0.8.6iCacti Cacti 0.8.6jCacti Cacti 0.8.7Cacti Cacti 0.8.7aCacti Cacti 0.8.6bCacti Cacti 0.8.6cCacti Cacti 0.8.6kCacti Cacti 0.8.5Cacti Cacti 0.8.8Cacti Cacti 0.8.7gCacti Cacti 0.8.6eCacti Cacti 0.8.6g
NA
CVE-2015-8369
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and previous versions allows remote malicious users to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
Cacti Cacti
NA
CVE-2015-4634
SQL injection vulnerability in graphs.php in Cacti prior to 0.8.8e allows remote malicious users to execute arbitrary SQL commands via the local_graph_id parameter.
Cacti Cacti
NA
CVE-2015-8377
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and previous versions allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.
Cacti Cacti
8.8
CVSSv3
CVE-2015-8604
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and previous versions allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.
Cacti Cacti
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook