Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti cacti vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2017-16660
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
Cacti Cacti 1.1.27
8.8
CVSSv3
CVE-2017-1000031
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote malicious users to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
Cacti Cacti 0.8.8b
6.1
CVSSv3
CVE-2017-1000032
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote malicious users to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.
Cacti Cacti 0.8.8b
NA
CVE-2014-2708
Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source,...
Cacti Cacti 0.8.8b
6.1
CVSSv3
CVE-2017-16785
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
Cacti Cacti 1.1.27
5.4
CVSSv3
CVE-2017-11691
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote malicious users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
Cacti Cacti 1.1.13
5.4
CVSSv3
CVE-2017-11163
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.
Cacti Cacti 1.1.12
6.1
CVSSv3
CVE-2023-50250
Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability exists in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_...
Cacti Cacti 1.2.25
6.5
CVSSv3
CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote malicious user to obtain sensitive information via the form_actions() function in the managers.php function.
Cacti Cacti 1.2.25
8.8
CVSSv3
CVE-2020-7237
Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify t...
Cacti Cacti 1.2.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »