Search CVE reports
71 – 80 of 167 results
Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.
1 affected package
cacti
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cacti | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.
1 affected package
cacti
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cacti | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 3 of 6
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to...
1 affected package
cacti
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cacti | Not affected | Not affected | Fixed | Fixed | Fixed |
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
1 affected package
cacti
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cacti | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.
1 affected package
cacti
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cacti | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
1 affected package
cacti
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cacti | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.
1 affected package
cacti
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cacti | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.
1 affected package
cacti
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cacti | — | Not affected | Not affected | Fixed | Fixed |
Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.
1 affected package
cacti
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cacti | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
Some fixes available 1 of 3
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code...
1 affected package
cacti
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cacti | Not affected | Not affected | Not affected | Fixed | Not affected |