Search Results (156 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-10970 1 Cacti 1 Cacti 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.
CVE-2017-16641 1 Cacti 1 Cacti 2025-04-20 N/A
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2017-1000031 1 Cacti 1 Cacti 2025-04-20 N/A
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
CVE-2017-11163 1 Cacti 1 Cacti 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.
CVE-2017-1000032 1 Cacti 1 Cacti 2025-04-20 N/A
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.
CVE-2017-12978 1 Cacti 1 Cacti 2025-04-20 N/A
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
CVE-2017-11691 1 Cacti 1 Cacti 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
CVE-2017-16660 1 Cacti 1 Cacti 2025-04-20 N/A
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
CVE-2014-4000 1 Cacti 1 Cacti 2025-04-20 N/A
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
CVE-2017-12927 1 Cacti 1 Cacti 2025-04-20 N/A
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
CVE-2017-16785 1 Cacti 1 Cacti 2025-04-20 N/A
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
CVE-2015-2967 1 Cacti 1 Cacti 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0916 1 Cacti 1 Cacti 2025-04-12 N/A
SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035.
CVE-2014-2709 2 Cacti, Debian 2 Cacti, Debian Linux 2025-04-12 N/A
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.
CVE-2014-5025 3 Cacti, Debian, Opensuse 3 Cacti, Debian Linux, Opensuse 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.
CVE-2015-8369 1 Cacti 1 Cacti 2025-04-12 N/A
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
CVE-2016-2313 2 Cacti, Opensuse 3 Cacti, Leap, Opensuse 2025-04-12 N/A
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.
CVE-2015-4634 1 Cacti 1 Cacti 2025-04-12 N/A
SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.
CVE-2014-2328 4 Cacti, Debian, Fedoraproject and 1 more 4 Cacti, Debian Linux, Fedora and 1 more 2025-04-12 N/A
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
CVE-2015-2665 2 Cacti, Fedoraproject 2 Cacti, Fedora 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.