Show filters
38 Total Results
Displaying 1-10 of 38
Sort by:
Attacker Value
Unknown
CVE-2021-26247
Disclosure Date: January 19, 2022 (last updated February 23, 2025)
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
0
Attacker Value
Unknown
CVE-2017-1000032
Disclosure Date: July 17, 2017 (last updated November 26, 2024)
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.
0
Attacker Value
Unknown
CVE-2017-1000031
Disclosure Date: July 17, 2017 (last updated November 26, 2024)
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
0
Attacker Value
Unknown
CVE-2014-5025
Disclosure Date: October 20, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.
0
Attacker Value
Unknown
CVE-2014-5026
Disclosure Date: October 20, 2014 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action.
0
Attacker Value
Unknown
CVE-2014-5262
Disclosure Date: August 22, 2014 (last updated October 05, 2023)
SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
0
Attacker Value
Unknown
CVE-2014-5261
Disclosure Date: August 22, 2014 (last updated October 05, 2023)
The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.
0
Attacker Value
Unknown
CVE-2014-4002
Disclosure Date: July 03, 2014 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php.
0
Attacker Value
Unknown
CVE-2014-2708
Disclosure Date: April 10, 2014 (last updated October 05, 2023)
Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter.
0
Attacker Value
Unknown
CVE-2014-2326
Disclosure Date: March 27, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0