Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-50569
Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote malicious users to escalate privileges when uploading an xml template file via templates_import.php.
Cacti Cacti 1.2.25
NA
CVE-2009-4032
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrate...
Cacti Cacti 0.8.7e
2 EDB exploits
5.4
CVSSv3
CVE-2021-3816
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.
Cacti Cacti 1.1.38
5.3
CVSSv3
CVE-2022-48538
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
Cacti Cacti 1.2.19
5.4
CVSSv3
CVE-2017-11163
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.
Cacti Cacti 1.1.12
6.1
CVSSv3
CVE-2021-26247
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
Cacti Cacti 0.8.7g
5.4
CVSSv3
CVE-2017-11691
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote malicious users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
Cacti Cacti 1.1.13
NA
CVE-2014-2708
Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source,...
Cacti Cacti 0.8.8b
5.4
CVSSv3
CVE-2017-10970
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.
Cacti Cacti 1.1.12
4.9
CVSSv3
CVE-2017-16661
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.
Cacti Cacti 1.1.27
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »