Vulnerabilities > Cacti

DATE	CVE	VULNERABILITY TITLE	RISK
2017-08-01	CVE-2017-12065	Unspecified vulnerability in Cacti spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. network low complexity cacti critical	9.8
2017-07-27	CVE-2017-11691	Cross-site Scripting vulnerability in Cacti 1.1.13 Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. network low complexity cacti CWE-79	5.4
2017-07-17	CVE-2017-1000032	Cross-site Scripting vulnerability in Cacti 0.8.8B Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. network low complexity cacti CWE-79	6.1
2017-07-17	CVE-2017-1000031	SQL Injection vulnerability in Cacti 0.8.8B SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. network low complexity cacti CWE-89	8.8
2017-07-10	CVE-2017-11163	Cross-site Scripting vulnerability in Cacti 1.1.12 Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. network low complexity cacti CWE-79	5.4
2017-07-06	CVE-2017-10970	Cross-site Scripting vulnerability in Cacti 1.1.12 Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. network low complexity cacti CWE-79	5.4
2016-04-13	CVE-2016-2313	Permissions, Privileges, and Access Controls vulnerability in multiple products auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. network low complexity cacti opensuse CWE-264	8.8
2016-04-12	CVE-2016-3172	SQL Injection vulnerability in Cacti SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. network low complexity cacti CWE-89	8.8
2016-04-11	CVE-2015-8604	SQL Injection vulnerability in Cacti SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. network low complexity cacti CWE-89	8.8
2016-04-11	CVE-2016-3659	SQL Injection vulnerability in Cacti SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. network low complexity cacti CWE-89	8.8

Vulnerabilities > Cacti {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cacti"}]}

Vulnerabilities > Cacti