Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti cacti vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-40643
EyesOfNetwork prior to 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any com...
Eyesofnetwork Eyesofnetwork
10
CVSSv2
CVE-2005-2149
config.php in Cacti 0.8.6e and previous versions allows remote malicious users to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
The Cacti Group Cacti 0.8.2
The Cacti Group Cacti 0.8.2a
The Cacti Group Cacti 0.8.6a
The Cacti Group Cacti 0.8.6b
The Cacti Group Cacti 0.8.4
The Cacti Group Cacti 0.8.5
The Cacti Group Cacti 0.8.6e
The Cacti Group Cacti 0.8.3
The Cacti Group Cacti 0.8.3a
The Cacti Group Cacti 0.8.6c
The Cacti Group Cacti 0.8.6d
The Cacti Group Cacti 0.8
The Cacti Group Cacti 0.8.1
The Cacti Group Cacti 0.8.5a
The Cacti Group Cacti 0.8.6
10
CVSSv2
CVE-2002-1478
Cacti prior to 0.6.8 allows malicious users to execute arbitrary commands via the "Data Input" option in console mode.
The Cacti Group Cacti 0.5
The Cacti Group Cacti 0.6.7
The Cacti Group Cacti 0.6.4
The Cacti Group Cacti 0.6.1
The Cacti Group Cacti 0.6
The Cacti Group Cacti 0.6.6
The Cacti Group Cacti 0.6.5
The Cacti Group Cacti 0.6.3
The Cacti Group Cacti 0.6.8
The Cacti Group Cacti 0.6.2
9.3
CVSSv2
CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote malicious users to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
Cacti Cacti 1.2.8
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opmantek Open-audit 3.3.1
Opensuse Suse Package Hub
Debian Debian Linux 10.0
2 EDB exploits
5 Github repositories
9
CVSSv2
CVE-2020-7237
Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify t...
Cacti Cacti 1.2.8
9
CVSSv2
CVE-2017-16660
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
Cacti Cacti 1.1.27
9
CVSSv2
CVE-2017-16641
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
Cacti Cacti 1.1.27
9
CVSSv2
CVE-2009-4112
Cacti 0.8.7e and previous versions allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
Cacti Cacti 0.8.6f
Cacti Cacti 0.8.6c
Cacti Cacti 0.8.2
Cacti Cacti 0.8.1
Cacti Cacti 0.8.5a
Cacti Cacti 0.8.5
Cacti Cacti 0.8
Cacti Cacti 0.6.7
Cacti Cacti 0.8.4
Cacti Cacti 0.8.3a
Cacti Cacti 0.8.7a
Cacti Cacti
Cacti Cacti 0.8.7
Cacti Cacti 0.8.6i
Cacti Cacti 0.8.3
Cacti Cacti 0.8.2a
1 EDB exploit
7.8
CVSSv2
CVE-2007-3112
graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113.
The Cacti Group Cacti
7.5
CVSSv2
CVE-2017-12065
spikekill.php in Cacti prior to 1.1.16 might allow remote malicious users to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
Cacti Cacti
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »