Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-20726
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
Cacti Cacti
6.5
CVSSv2
CVE-2015-0916
SQL injection vulnerability in graph.php in Cacti prior to 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035.
Cacti Cacti
7.5
CVSSv2
CVE-2017-12065
spikekill.php in Cacti prior to 1.1.16 might allow remote malicious users to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
Cacti Cacti
3.5
CVSSv2
CVE-2017-12066
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti prior to 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists beca...
Cacti Cacti
6.5
CVSSv2
CVE-2014-4000
Cacti prior to 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
Cacti Cacti
3.5
CVSSv2
CVE-2018-20723
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
Cacti Cacti
NA
CVE-2023-49085
Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pol...
Cacti Cacti
1 Metasploit module
4.3
CVSSv2
CVE-2015-2967
Cross-site scripting (XSS) vulnerability in settings.php in Cacti prior to 0.8.8d allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Cacti Cacti
6.5
CVSSv2
CVE-2016-3659
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.
Cacti Cacti
6.5
CVSSv2
CVE-2015-8604
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and previous versions allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.
Cacti Cacti
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »