Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2017-12065
spikekill.php in Cacti prior to 1.1.16 might allow remote malicious users to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
Cacti Cacti
NA
CVE-2022-48547
A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and previous versions allows unauthenticated remote malicious users to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.
Cacti Cacti
578
VMScore
CVE-2015-8604
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and previous versions allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.
Cacti Cacti
312
VMScore
CVE-2017-12066
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti prior to 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists beca...
Cacti Cacti
578
VMScore
CVE-2015-8377
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and previous versions allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.
Cacti Cacti
578
VMScore
CVE-2016-10700
auth_login.php in Cacti prior to 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an in...
Cacti Cacti
668
VMScore
CVE-2015-8369
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and previous versions allows remote malicious users to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
Cacti Cacti
578
VMScore
CVE-2016-3659
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.
Cacti Cacti
312
VMScore
CVE-2018-20723
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
Cacti Cacti
312
VMScore
CVE-2018-20724
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
Cacti Cacti
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »