Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti cacti 0.8.5a vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2004-1736
Cacti 0.8.5a allows remote malicious users to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message.
The Cacti Group Cacti 0.8.5a
9
CVSSv2
CVE-2009-4112
Cacti 0.8.7e and previous versions allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
Cacti Cacti 0.8.6f
Cacti Cacti 0.8.6c
Cacti Cacti 0.8.2
Cacti Cacti 0.8.1
Cacti Cacti 0.8.5a
Cacti Cacti 0.8.5
Cacti Cacti 0.8
Cacti Cacti 0.6.7
Cacti Cacti 0.8.4
Cacti Cacti 0.8.3a
Cacti Cacti 0.8.7a
Cacti Cacti
Cacti Cacti 0.8.7
Cacti Cacti 0.8.6i
Cacti Cacti 0.8.3
Cacti Cacti 0.8.2a
1 EDB exploit
4.3
CVSSv2
CVE-2008-0783
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 prior to 0.8.7b and 0.8.6 prior to 0.8.6k allow remote malicious users to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the actio...
Cacti Cacti 0.8
Cacti Cacti 0.8.1
Cacti Cacti 0.8.5a
Cacti Cacti 0.8.6c
Cacti Cacti 0.6.7
Cacti Cacti 0.8.4
Cacti Cacti 0.8.5
Cacti Cacti 0.8.7a
Cacti Cacti 0.8.2
Cacti Cacti 0.8.2a
Cacti Cacti 0.8.6f
Cacti Cacti 0.8.6i
Cacti Cacti 0.8.3
Cacti Cacti 0.8.3a
Cacti Cacti 0.8.6j
Cacti Cacti 0.8.7
2 EDB exploits
5
CVSSv2
CVE-2008-0784
graph.php in Cacti 0.8.7 prior to 0.8.7b and 0.8.6 prior to 0.8.6k allows remote malicious users to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.
Cacti Cacti 0.8.2
Cacti Cacti 0.8.2a
Cacti Cacti 0.8.6f
Cacti Cacti 0.8.6i
Cacti Cacti 0.6.7
Cacti Cacti 0.8
Cacti Cacti 0.8.1
Cacti Cacti 0.8.5a
Cacti Cacti 0.8.6c
Cacti Cacti 0.8.4
Cacti Cacti 0.8.5
Cacti Cacti 0.8.7a
Cacti Cacti 0.8.3
Cacti Cacti 0.8.3a
Cacti Cacti 0.8.6j
Cacti Cacti 0.8.7
7.5
CVSSv2
CVE-2008-0785
Multiple SQL injection vulnerabilities in Cacti 0.8.7 prior to 0.8.7b and 0.8.6 prior to 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id par...
Cacti Cacti 0.8.1
Cacti Cacti 0.8.2
Cacti Cacti 0.8.6f
Cacti Cacti 0.8.6i
Cacti Cacti 0.6.7
Cacti Cacti 0.8
Cacti Cacti 0.8.5a
Cacti Cacti 0.8.6c
Cacti Cacti 0.8.3a
Cacti Cacti 0.8.4
Cacti Cacti 0.8.5
Cacti Cacti 0.8.7a
Cacti Cacti 0.8.2a
Cacti Cacti 0.8.3
Cacti Cacti 0.8.6j
Cacti Cacti 0.8.7
4 EDB exploits
4.3
CVSSv2
CVE-2008-0786
CRLF injection vulnerability in Cacti 0.8.7 prior to 0.8.7b and 0.8.6 prior to 0.8.6k, when running on older PHP interpreters, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Cacti Cacti 0.8.1
Cacti Cacti 0.8.2
Cacti Cacti 0.8.6c
Cacti Cacti 0.8.6f
Cacti Cacti 0.6.7
Cacti Cacti 0.8
Cacti Cacti 0.8.5
Cacti Cacti 0.8.5a
Cacti Cacti 0.8.3a
Cacti Cacti 0.8.4
Cacti Cacti 0.8.7
Cacti Cacti 0.8.7a
Cacti Cacti 0.8.2a
Cacti Cacti 0.8.3
Cacti Cacti 0.8.6i
Cacti Cacti 0.8.6j
7.5
CVSSv2
CVE-2013-1434
Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti prior to 0.8.8b allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Cacti Cacti 0.8.7b
Cacti Cacti 0.8.7d
Cacti Cacti 0.8.7e
Cacti Cacti 0.8.6d
Cacti Cacti 0.8.6f
Cacti Cacti 0.8.5a
Cacti Cacti
Cacti Cacti 0.8.7i
Cacti Cacti 0.8.6
Cacti Cacti 0.8.6a
Cacti Cacti 0.8.6i
Cacti Cacti 0.8.6j
Cacti Cacti 0.8.7
Cacti Cacti 0.8.7a
Cacti Cacti 0.8.6b
Cacti Cacti 0.8.6c
Cacti Cacti 0.8.6k
Cacti Cacti 0.8.5
Cacti Cacti 0.8.8
Cacti Cacti 0.8.7g
Cacti Cacti 0.8.6e
Cacti Cacti 0.8.6g
7.5
CVSSv2
CVE-2013-1435
(1) snmp.php and (2) rrd.php in Cacti prior to 0.8.8b allows remote malicious users to execute arbitrary commands via shell metacharacters in unspecified vectors.
Cacti Cacti 0.8
Cacti Cacti 0.8.1
Cacti Cacti 0.8.6
Cacti Cacti 0.8.6a
Cacti Cacti 0.8.6h
Cacti Cacti 0.8.6i
Cacti Cacti 0.8.7d
Cacti Cacti 0.8.7e
Cacti Cacti 0.8.7f
Cacti Cacti 0.8.2
Cacti Cacti 0.8.2a
Cacti Cacti 0.8.3
Cacti Cacti 0.8.6b
Cacti Cacti 0.8.6c
Cacti Cacti 0.8.6j
Cacti Cacti 0.8.6k
Cacti Cacti 0.8.7g
Cacti Cacti 0.8.7h
Cacti Cacti 0.8.3a
Cacti Cacti 0.8.4
Cacti Cacti 0.8.6d
Cacti Cacti 0.8.6e
7.5
CVSSv2
CVE-2005-2148
Cacti 0.8.6e and previous versions does not perform proper input validation to protect against common attacks, which allows remote malicious users to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in ...
The Cacti Group Cacti 0.8.2a
The Cacti Group Cacti 0.8.3
The Cacti Group Cacti 0.8.1
The Cacti Group Cacti 0.8.2
The Cacti Group Cacti 0.8.6
The Cacti Group Cacti 0.8.6a
The Cacti Group Cacti 0.8.3a
The Cacti Group Cacti 0.8.4
The Cacti Group Cacti 0.8.6e
The Cacti Group Cacti 0.8.6b
The Cacti Group Cacti 0.8.6c
The Cacti Group Cacti 0.8.6d
The Cacti Group Cacti 0.8
The Cacti Group Cacti 0.8.5
The Cacti Group Cacti 0.8.5a
10
CVSSv2
CVE-2005-2149
config.php in Cacti 0.8.6e and previous versions allows remote malicious users to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
The Cacti Group Cacti 0.8.2
The Cacti Group Cacti 0.8.2a
The Cacti Group Cacti 0.8.6a
The Cacti Group Cacti 0.8.6b
The Cacti Group Cacti 0.8.4
The Cacti Group Cacti 0.8.5
The Cacti Group Cacti 0.8.6e
The Cacti Group Cacti 0.8.3
The Cacti Group Cacti 0.8.3a
The Cacti Group Cacti 0.8.6c
The Cacti Group Cacti 0.8.6d
The Cacti Group Cacti 0.8
The Cacti Group Cacti 0.8.1
The Cacti Group Cacti 0.8.5a
The Cacti Group Cacti 0.8.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »