Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-51448
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utili...
Cacti Cacti 1.2.25
1 Github repository
4.3
CVSSv2
CVE-2017-16785
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
Cacti Cacti 1.1.27
7.8
CVSSv2
CVE-2007-3112
graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113.
The Cacti Group Cacti
6.8
CVSSv2
CVE-2007-3113
Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter, different vectors than CVE-2007-3112.
The Cacti Group Cacti
7.5
CVSSv2
CVE-2006-6799
SQL injection vulnerability in Cacti 0.8.6i and previous versions, when register_argc_argv is enabled, allows remote malicious users to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary comm...
The Cacti Group Cacti
5
CVSSv2
CVE-2004-1736
Cacti 0.8.5a allows remote malicious users to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message.
The Cacti Group Cacti 0.8.5a
3.5
CVSSv2
CVE-2018-10061
Cacti prior to 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
Cacti Cacti
Debian Debian Linux 9.0
3.5
CVSSv2
CVE-2018-10060
Cacti prior to 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
Cacti Cacti
Debian Debian Linux 9.0
3.5
CVSSv2
CVE-2021-23225
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.
Cacti Cacti 1.1.38
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2020-25706
A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field
Cacti Cacti 1.2.13
Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »