Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-7237
Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify t...
Cacti Cacti 1.2.8
NA
CVE-2023-49086
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable c...
Cacti Cacti 1.2.25
6.5
CVSSv2
CVE-2017-1000031
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote malicious users to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
Cacti Cacti 0.8.8b
4.3
CVSSv2
CVE-2017-1000032
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote malicious users to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.
Cacti Cacti 0.8.8b
9
CVSSv2
CVE-2017-16660
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
Cacti Cacti 1.1.27
4
CVSSv2
CVE-2017-16661
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.
Cacti Cacti 1.1.27
NA
CVE-2023-49084
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitatio...
Cacti Cacti 1.2.25
1 Metasploit module
4.3
CVSSv2
CVE-2021-26247
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
Cacti Cacti 0.8.7g
NA
CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote malicious user to obtain sensitive information via the form_actions() function in the managers.php function.
Cacti Cacti 1.2.25
4.3
CVSSv2
CVE-2017-12927
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
Cacti Cacti 1.1.17
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »