from 0, < 1.2.16+ds1-2+deb11u1
from 0, < 1.2.16+ds1-2+deb11u5
CRITICAL 9.8 CVE-2025-26520 Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter.
from 0, < 1.2.30+ds1-1
CRITICAL 9.8 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u2
CRITICAL 9.8 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u1
CRITICAL 9.8 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u1
CRITICAL 9.8 spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end p…
from 0, < 1.1.16+ds1-1
CRITICAL 9.1 DOMPurify vulnerable to tampering by prototype pollution
from 0, < 1.2.16+ds1-2+deb11u5
CRITICAL 9.1 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
HIGH 8.8 Cacti is an open source performance and fault management framework.
from 0
HIGH 8.8 Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script.
from 0, < 0.8.6d-1
HIGH 8.8 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 8.8 Cacti is an open source performance and fault management framework.
from 0, < 1.2.28+ds1-4
HIGH 8.8 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 8.8 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
HIGH 8.8 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
HIGH 8.8 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.26+ds1-1
HIGH 8.8 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u3
HIGH 8.8 Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB).
from 0, < 1.2.16+ds1-2+deb11u3
HIGH 8.8 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.24+ds1-1+deb12u1
HIGH 8.8 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u2
HIGH 8.8 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u2
HIGH 8.8 cacti - security update
from 0, < 1.2.2+ds1-2+deb10u6
HIGH 8.8 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u2
HIGH 8.8 An issue was discovered in Cacti 1.2.x through 1.2.16.
from 0, < 1.2.16+ds1-2
HIGH 8.8 graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest…
from 0, < 1.2.10+ds1-1
HIGH 8.8 Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_…
from 0, < 1.2.9+ds1-1
HIGH 8.8 data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> P…
from 0
HIGH 8.8 auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by…
from 0, < 0.8.8h+ds1-5
HIGH 8.8 Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted s…
from 0, < 0.8.8e+ds1-1
HIGH 8.8 SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the…
from 0, < 0.8.8e+ds1-1
HIGH 8.8 cacti - security update
from 0, < 0.8.8a+dfsg-5+deb7u9
HIGH 8.8 cacti - security update
from 0, < 0.8.8g+ds1-1
HIGH 8.8 SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via…
from 0, < 0.8.8g+ds1-2
HIGH 8.8 cacti - security update
from 0, < 0.8.7g-1+squeeze9+deb6u14
HIGH 8.8 cacti - security update
from 0, < 0.8.8f+ds1-4
HIGH 8.8 SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the…
from 0, < 0.8.8h+ds1-1
HIGH 8.2 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 8.2 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 8.1 cacti - security update
from 0, < 1.2.8+ds1-1
HIGH 8.1 cacti - security update
from 0, < 0.8.8h+ds1-10+deb9u1
HIGH 8.1 cacti - security update
from 0, < 0.8.8b+dfsg-8+deb8u8
HIGH 8.0 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
HIGH 7.5 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 7.5 Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_…
from 0, < 1.2.6+ds1-1
HIGH 7.2 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 7.2 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
HIGH 7.2 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
HIGH 7.2 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
HIGH 7.2 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u2
HIGH 7.2 A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter.
from 0, < 1.2.13+ds1-1
HIGH 7.2 Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root…
from 0, < 1.1.27+ds1-3
HIGH 7.2 lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in a…
from 0, < 1.1.27+ds1-3
MEDIUM 6.5 SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in th…
from 0
MEDIUM 6.5 In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
from 0, < 1.2.11+ds1-1
MEDIUM 6.5 Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled whe…
from 0, < 1.2.8+ds1-1
MEDIUM 6.3 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u2
MEDIUM 6.1 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.24+ds1-1+deb12u2
MEDIUM 6.1 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u3
MEDIUM 6.1 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u3
MEDIUM 6.1 A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrar…
from 0, < 0.8.7i-1
MEDIUM 6.1 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u4
MEDIUM 6.1 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u4
MEDIUM 6.1 As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully exec…
from 0, < 0.8.7i-1
MEDIUM 6.1 Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.
from 0, < 1.2.19+ds1-1
MEDIUM 6.1 cacti - security update
from 0, < 1.2.2+ds1-2+deb10u5
MEDIUM 6.1 cacti - security update
from 0, < 1.2.13+ds1-1
MEDIUM 6.1 A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to improper escaping of error message during t…
from 0, < 1.2.14+ds1-1
MEDIUM 6.1 cacti - security update
from 0, < 1.2.9+ds1-1
MEDIUM 6.1 cacti - security update
from 0, < 0.8.8b+dfsg-8+deb8u9
MEDIUM 6.1 Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
from 0, < 1.1.27+ds1-3
MEDIUM 6.1 include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
from 0, < 1.1.25+ds1-1
MEDIUM 6.1 A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
from 0, < 1.1.17+ds1-2
MEDIUM 6.1 Cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id…
from 0, < 0.8.8b+dfsg-6
MEDIUM 5.4 An HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29.
from 0
MEDIUM 5.4 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u5
MEDIUM 5.4 cacti - security update
from 0, < 1.2.16+ds1-2+deb11u5
MEDIUM 5.4 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
MEDIUM 5.4 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u4
MEDIUM 5.4 cacti - security update
from 0, < 1.2.24+ds1-1+deb12u5
MEDIUM 5.4 cacti - security update
from 0, < 1.2.24+ds1-1+deb12u5
MEDIUM 5.4 Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB).
from 0, < 1.2.16+ds1-2+deb11u3
MEDIUM 5.4 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u2
MEDIUM 5.4 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.24+ds1-1+deb12u1
MEDIUM 5.4 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u3
MEDIUM 5.4 Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the crea…
from 0, < 1.2.1+ds1-1
MEDIUM 5.4 Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field…
from 0, < 1.2.1+ds1-1
MEDIUM 5.4 cacti - security update
from 0, < 0.8.8b+dfsg-8+deb8u7
MEDIUM 5.4 cacti - security update
from 0, < 1.2.2+ds1-2
MEDIUM 5.4 A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended ch…
from 0, < 1.2.1+ds1-1
MEDIUM 5.4 Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_es…
from 0, < 1.1.37+ds1-1
MEDIUM 5.4 cacti - security update
from 0, < 0.8.8h+ds1-10+deb9u2
MEDIUM 5.4 cacti - security update
from 0, < 1.1.37+ds1-1
MEDIUM 5.4 Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['…
from 0, < 1.1.37+ds1-1
MEDIUM 5.4 lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
from 0, < 1.1.18+ds1-1
MEDIUM 5.4 Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitra…
from 0, < 1.1.16+ds1-1
MEDIUM 5.4 Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML…
from 0, < 1.1.15+ds1-1
MEDIUM 5.4 Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web…
from 0, < 1.1.12+ds1-1
MEDIUM 5.4 Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML v…
from 0, < 1.1.12+ds1-1
MEDIUM 5.3 In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_lda…
from 0
MEDIUM 4.9 Cacti is an open source performance and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u5
MEDIUM 4.9 Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then…
from 0, < 1.1.27+ds1-3
MEDIUM 4.8 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u3
MEDIUM 4.8 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.24+ds1-1+deb12u1
MEDIUM 4.8 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u2
MEDIUM 4.8 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.16+ds1-2+deb11u2
MEDIUM 4.8 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.24+ds1-1+deb12u1
MEDIUM 4.8 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.24+ds1-1+deb12u1
MEDIUM 4.8 Cacti is an open source operational monitoring and fault management framework.
from 0, < 1.2.24+ds1-1+deb12u1
MEDIUM 4.8 A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended charac…
from 0, < 1.2.1+ds1-1
MEDIUM 4.8 A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in…
from 0, < 1.2.1+ds1-1
MEDIUM 4.8 A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended charac…
from 0, < 1.2.1+ds1-1
MEDIUM 4.7 Cacti provides an operational monitoring and fault management framework.
from 0, < 1.2.24+ds1-1+deb12u3
MEDIUM 4.3 Cacti is an open source operational monitoring and fault management framework.
from 0
MEDIUM 4.3 In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission…
from 0, < 1.2.11+ds1-1
MEDIUM 4.3 In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with…
from 0, < 1.2.7+ds1-1
—cacti - security update
from 0, < 0.8.7g-1+squeeze9+deb6u11
—cacti - security update
from 0, < 0.8.8f+ds1-3
—cacti - security update
from 0, < 0.8.8a+dfsg-5+deb7u7
—cacti - security update
from 0, < 0.8.8f+ds1-4
—cacti - security update
from 0, < 0.8.8a+dfsg-5+deb7u8
—cacti - security update
from 0, < 0.8.7g-1+squeeze7
—cacti - security update
from 0, < 0.8.8e+ds1-1
—cacti - security update
from 0, < 0.8.8a+dfsg-5+deb7u6
—Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or H…
from 0, < 0.8.8d+ds1-1
—SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to…
from 0, < 0.8.8d+ds1-1
—SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involv…
from 0, < 0.8.8d+ds1-1
—cacti - security update
from 0, < 0.8.8d+ds1-1
—cacti - security update
from 0, < 0.8.8a+dfsg-5+deb7u5
—cacti - security update
from 0, < 0.8.7g-1+squeeze6
—SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the…
from 0, < 0.8.6f-1
—Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrar…
from 0, < 0.8.8b+dfsg-7
—cacti - security update
from 0, < 0.8.7g-1+squeeze5
—cacti - security update
from 0, < 0.8.8a+dfsg-5+deb7u4
—cacti - security update
from 0, < 0.8.8b+dfsg-7
—SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execut…
from 0, < 0.8.8b+dfsg-8
—The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell…
from 0, < 0.8.8b+dfsg-8
—Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (…
from 0, < 0.8.8b+dfsg-6
—lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecif…
from 0, < 0.8.8b+dfsg-4
—lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacha…
from 0, < 0.8.8b+dfsg-4
—Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication o…
from 0, < 0.8.8b+dfsg-6
—Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary…
from 0, < 0.8.8b+dfsg-4
—cacti - security update
from 0, < 0.8.8a+dfsg-5+deb7u3
—cacti - security update
from 0, < 0.8.8b+dfsg-4
—SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the…
from 0, < 0.8.8b+dfsg-3
—cacti - several
from 0, < 0.8.8b+dfsg-3
—cacti - several
from 0, < 0.8.7g-1+squeeze3
—(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspe…
from 0, < 0.8.8b+dfsg-1
—cacti - several
from 0, < 0.8.7g-1+squeeze2
—cacti - several
from 0, < 0.8.8b+dfsg-1
—Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication o…
from 0, < 0.8.7i-1
—SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the logi…
from 0, < 0.8.7i-1
—Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution an…
from 0, < 0.8.7g-1
—Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solut…
from 0, < 0.8.7g-1
—Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary…
from 0, < 0.8.7g-1
—Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administr…
from 0, < 0.8.7g-1
—cacti - several
from 0, < 0.8.7b-2.1+lenny4
—cacti - several
from 0, < 0.8.7g-1
—cacti - SQL injection
from 0, < 0.8.7b-2.1+lenny3
—cacti - SQL injection
from 0, < 0.8.7e-4
—cacti - missing input sanitising
from 0, < 0.8.7b-2.1+lenny2
—cacti - missing input sanitising
from 0, < 0.8.7e-3
—Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux…
from 0, < 1.2.1+ds1-1
—Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vecto…
from 0, < 0.8.7e-1.1
—Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arb…
from 0, < 0.8.7b-1
—cacti - multiple vulnerabilities
from 0, < 0.8.7b-1
—CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote at…
from 0, < 0.8.7b-1
—graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_i…
from 0, < 0.8.7b-1
—cacti - multiple vulnerabilities
from 0, < 0.8.6i-3.3
—cacti - SQL injection
from 0, < 0.8.7a-1
—cacti - SQL injection
from 0, < 0.8.6c-7sarge5
—Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large val…
from 0, < 0.8.6j-1.1
—cacti - insufficient input sanitising
from 0, < 0.8.6j-1.1
—cacti - insufficient input sanitising
from 0, < 0.8.6i-3.6
—cacti
from 0, < 0.8.6c-7sarge4
—cacti
from 0, < 0.8.6i-3
—Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to i…
from 0, < 0.8.6d-1
—SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unsp…
from 0, < 0.8.6d-1
—cacti - several
from 0, < 0.8.6c-7sarge3
—Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including…
from 0, < 0.8.6d-1
—cacti - several
from 0, < 0.8.6d-1
—Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execu…
from 0, < 0.8.6f-1
—config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain p…
from 0, < 0.8.6f-1
—cacti - several
from 0, < 0.8.6e-1
—cacti - several
from 0, < 0.6.7-2.5
—PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code…
from 0, < 0.8.6e-1
—SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via th…
from 0, < 0.8.6e-1
—Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_change…
from 0, < 0.8.5a-5
—SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authenti…
from 0, < 0.8.5a-5
—Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
from 0, < 0.6.8a-2
—cacti - arbitrary code execution
from 0, < 0.6.8a-2
—cacti - arbitrary code execution
from 0, < 0.6.7-2.1
—Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows loca…
from 0, < 0.6.8-1