Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti cacti vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2014-4000
Cacti prior to 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
Cacti Cacti
383
VMScore
CVE-2015-2967
Cross-site scripting (XSS) vulnerability in settings.php in Cacti prior to 0.8.8d allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Cacti Cacti
578
VMScore
CVE-2016-3172
SQL injection vulnerability in tree.php in Cacti 0.8.8g and previous versions allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.
Cacti Cacti
NA
CVE-2023-31132
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document d...
Cacti Cacti
578
VMScore
CVE-2016-10700
auth_login.php in Cacti prior to 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an in...
Cacti Cacti
383
VMScore
CVE-2020-14424
Cacti prior to 1.2.18 allows remote malicious users to trigger XSS via template import for the midwinter theme.
Cacti Cacti
NA
CVE-2023-37543
Cacti prior to 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.
Cacti Cacti
NA
CVE-2023-50569
Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote malicious users to escalate privileges when uploading an xml template file via templates_import.php.
Cacti Cacti 1.2.25
NA
CVE-2023-51448
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utili...
Cacti Cacti 1.2.25
1 Github repository
801
VMScore
CVE-2020-7237
Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify t...
Cacti Cacti 1.2.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »