Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti cacti vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-41444
Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.
Cacti Cacti 1.2.21
6.1
CVSSv3
CVE-2021-26247
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
Cacti Cacti 0.8.7g
6.1
CVSSv3
CVE-2017-15194
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
Cacti Cacti 1.1.25
8.8
CVSSv3
CVE-2017-1000031
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote malicious users to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
Cacti Cacti 0.8.8b
5.4
CVSSv3
CVE-2017-11163
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.
Cacti Cacti 1.1.12
4.9
CVSSv3
CVE-2017-16661
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.
Cacti Cacti 1.1.27
8.8
CVSSv3
CVE-2020-7237
Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify t...
Cacti Cacti 1.2.8
NA
CVE-2009-4032
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrate...
Cacti Cacti 0.8.7e
2 EDB exploits
5.4
CVSSv3
CVE-2017-11691
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote malicious users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
Cacti Cacti 1.1.13
6.1
CVSSv3
CVE-2023-50250
Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability exists in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_...
Cacti Cacti 1.2.25
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »