spikekill.php in Cacti prior to 1.1.16 might allow remote malicious users to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
Debian Bug report logs - #870353
cacti: CVE-2017-12065
Package: src:cacti;
Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 1 Aug 2017 11:33:01 UTC
Severity: important
Tags: patch, security, upstream
Found in ver ...
Debian Bug report logs - #870354
cacti: CVE-2017-12066
Package: src:cacti;
Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 1 Aug 2017 11:36:01 UTC
Severity: important
Tags: patch, security, upstream
Found in ver ...
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter (CVE-2017-12065).
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted H ...