Gentoo Linux Security Advisory 201401-20 - Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. Versions less than 0.8.8b are affected.
60e499dc878470aef030b4e84ae80fe629bbd4de79b08c73333effba0110f1fdMandriva Linux Security Advisory 2010-117 - SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which bypasses the validation routine. The updated packages have been patched to correct this issue.
33947dbd868524d62aad14623e5a01f9a97ad2142ead8f2fa5b005de44e44224Debian Linux Security Advisory 2060-1 - Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, is not properly validating input passed to the rra_id parameter of the graph.php script. Due to checking the input of $_REQUEST but using $_GET input in a query an unauthenticated attacker is able to perform SQL injections via a crafted rra_id $_GET value and an additional valid rra_id $_POST or $_COOKIE value.
f67e6f193c2d5a80f90343b329eadfb551cc0916fe75d3cc23a7b852dfaeebe4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed