Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti cacti 0.8.7g vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-48547
A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and previous versions allows unauthenticated remote malicious users to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.
Cacti Cacti
383
VMScore
CVE-2021-26247
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
Cacti Cacti 0.8.7g
668
VMScore
CVE-2014-5261
The graph settings script (graph_settings.php) in Cacti 0.8.8b and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.
Cacti Cacti 0.8.7f
Cacti Cacti 0.8.7e
Cacti Cacti 0.8.7i
Cacti Cacti 0.8.7g
Cacti Cacti 0.8.7
Cacti Cacti 0.8.6e
Cacti Cacti
Cacti Cacti 0.8.7d
Cacti Cacti 0.8.7c
Cacti Cacti 0.8.8a
Cacti Cacti 0.8.8
Cacti Cacti 0.8.7b
Cacti Cacti 0.8.7a
668
VMScore
CVE-2014-5262
SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and previous versions allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Cacti Cacti
Cacti Cacti 0.8.7d
Cacti Cacti 0.8.7c
Cacti Cacti 0.8.7b
Cacti Cacti 0.8.7f
Cacti Cacti 0.8.7e
Cacti Cacti 0.8.8a
Cacti Cacti 0.8.8
Cacti Cacti 0.8.7a
Cacti Cacti 0.8.7
Cacti Cacti 0.8.7i
Cacti Cacti 0.8.7g
Cacti Cacti 0.8.6e
605
VMScore
CVE-2014-2327
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and previous versions allows remote malicious users to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3)...
Cacti Cacti
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
578
VMScore
CVE-2014-2328
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and previous versions allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
Cacti Cacti
Fedoraproject Fedora 20
Fedoraproject Fedora 19
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Debian Debian Linux 7.0
668
VMScore
CVE-2014-2709
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in unspecified parameters.
Cacti Cacti
Debian Debian Linux 7.0
Debian Debian Linux 8.0
668
VMScore
CVE-2014-2708
Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source,...
Cacti Cacti 0.8.8b
383
VMScore
CVE-2014-2326
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Fedoraproject Fedora 19
Fedoraproject Fedora 20
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Cacti Cacti 0.8.7g
Debian Debian Linux 7.0
383
VMScore
CVE-2013-5588
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.
Cacti Cacti 0.8.8
Cacti Cacti 0.8
Cacti Cacti 0.8.1
Cacti Cacti 0.8.2
Cacti Cacti 0.8.6g
Cacti Cacti 0.8.6h
Cacti Cacti 0.8.6i
Cacti Cacti 0.8.6j
Cacti Cacti 0.8.5a
Cacti Cacti 0.8.6
Cacti Cacti 0.8.6a
Cacti Cacti 0.8.6b
Cacti Cacti 0.8.7c
Cacti Cacti 0.8.7d
Cacti Cacti 0.8.7e
Cacti Cacti 0.8.7f
Cacti Cacti 0.8.7g
Cacti Cacti
Cacti Cacti 0.8.2a
Cacti Cacti 0.8.3a
Cacti Cacti 0.8.5
Cacti Cacti 0.8.6c
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »