Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti cacti vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-7058
data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm.
Cacti Cacti 1.2.8
8.1
CVSSv3
CVE-2019-17358
Cacti up to and including 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cau...
Cacti Cacti
Debian Debian Linux 8.0
Opensuse Leap 42.3
4.3
CVSSv3
CVE-2019-16723
In Cacti up to and including 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
Cacti Cacti
5.4
CVSSv3
CVE-2019-11025
In clearFilter() in utilities.php in Cacti prior to 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.
Cacti Cacti
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5.4
CVSSv3
CVE-2018-20726
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
Cacti Cacti
4.8
CVSSv3
CVE-2018-20723
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
Cacti Cacti
4.8
CVSSv3
CVE-2018-20724
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
Cacti Cacti
4.8
CVSSv3
CVE-2018-20725
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
Cacti Cacti
5.5
CVSSv3
CVE-2018-17358
An issue exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application c...
Gnu Binutils 2.31.1
5.4
CVSSv3
CVE-2018-10059
Cacti prior to 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.
Cacti Cacti
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »