Vulnerabilities > Cacti > Cacti > 0.8.7f

DATE CVE VULNERABILITY TITLE RISK
2014-08-22 CVE-2014-5261 Code Injection vulnerability in Cacti
The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.
network
low complexity
cacti CWE-94
7.5
7.5
2014-04-23 CVE-2014-2709 Security vulnerability in Cacti 'rrd.php'
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.
network
low complexity
cacti debian
7.5
7.5
2014-04-23 CVE-2014-2328 Remote Command Execution vulnerability in Cacti
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
network
low complexity
cacti fedoraproject opensuse debian
6.5
6.5
2014-04-23 CVE-2014-2327 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users. 		6.8
6.8
2013-08-29 CVE-2013-5589 SQL Injection vulnerability in multiple products
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
debian cacti opensuse CWE-89
7.5
7.5
2013-08-29 CVE-2013-5588 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php. 		4.3
4.3
2013-08-23 CVE-2013-1435 Code Injection vulnerability in Cacti
(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
network
low complexity
cacti CWE-94
7.5
7.5
2013-08-23 CVE-2013-1434 SQL Injection vulnerability in Cacti
Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
cacti CWE-89
7.5
7.5
2012-10-25 CVE-2011-5223 Cross-Site Scripting vulnerability in Cacti
Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network
cacti CWE-79
4.3
4.3
2011-12-15 CVE-2011-4824 SQL Injection vulnerability in Cacti
SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter.
network
low complexity
cacti CWE-89
7.5
7.5