CVE-2014-2326

Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool For the stable distribution (wheezy), these problems have been fixed in version 088a+dfsg-5+deb7u3 For the testing distribution (jessie), these problems have been fixed in ver ...

Debian Bug report logs - #752573 cacti: CVE-2014-4002 Cross-Site Scripting Vulnerability Package: cacti; Maintainer for cacti is Cacti Maintainer <pkg-cacti-maint@listsaliothdebianorg>; Source for cacti is src:cacti (PTS, buildd, popcon) Reported by: Paul Gevers <elbrus@debianorg> Date: Tue, 24 Jun 2014 19:57:06 ...

Debian Bug report logs - #743565 cacti: CVE-2014-2708 CVE-2014-2709 Package: cacti; Maintainer for cacti is Cacti Maintainer <pkg-cacti-maint@listsaliothdebianorg>; Source for cacti is src:cacti (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 3 Apr 2014 19:33:01 UTC Severit ...

Debian Bug report logs - #742768 cacti: CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 Package: cacti; Maintainer for cacti is Cacti Maintainer <pkg-cacti-maint@listsaliothdebianorg>; Source for cacti is src:cacti (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 27 Mar 2014 07:03:01 UTC ...

Cross-site request forgery (CSRF) vulnerability in Cacti 087g, 088b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users Cross-site scripting (XSS) vulnerability in cdefphp in Cacti 0 ...