Summary
Detail | | | |
---|---|---|---|
Vendor | The Cacti Group | First view | 2004-08-16 |
Product | Cacti | Last view | 2007-06-07 |
Version | 0.6.8a | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:the_cacti_group:cacti | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
6.8 | 2007-06-07 | CVE-2007-3113 | Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter, different vectors than CVE-2007-3112. |
7.8 | 2007-06-07 | CVE-2007-3112 | graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113. |
7.5 | 2006-12-28 | CVE-2006-6799 | SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function. |
7.5 | 2005-06-22 | CVE-2005-1526 | PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter. |
7.5 | 2005-06-22 | CVE-2005-1525 | SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter. |
5 | 2005-06-22 | CVE-2005-1524 | PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter. |
7.5 | 2004-08-16 | CVE-2004-1737 | SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters. |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
37019 | Cacti graph_image.php Multiple Variable Malformed Input Remote DoS |
31468 | Cacti cmd.php Multiple Parameter SQL Injection Arbitrary Command Execution |
17426 | Cacti top_graph_header.php config Parameter Remote File Inclusion |
17425 | Cacti config_settings.php config Parameter Remote File Inclusion |
17424 | Cacti config_settings.php id Parameter SQL Injection |
8989 | Cacti auth_login.php SQL Injection |
OpenVAS Exploits
Date | Description |
---|---|
2009-12-30 | Name : Debian Security Advisory DSA 1954-1 (cacti) File : nvt/deb_1954_1.nasl |
2009-02-27 | Name : Fedora Update for cacti FEDORA-2007-2199 File : nvt/gb_fedora_2007_2199_cacti_fc7.nasl |
2009-02-27 | Name : Fedora Update for cacti FEDORA-2007-3683 File : nvt/gb_fedora_2007_3683_cacti_fc7.nasl |
2009-02-16 | Name : Fedora Update for cacti FEDORA-2008-1737 File : nvt/gb_fedora_2008_1737_cacti_fc7.nasl |
2009-01-28 | Name : SuSE Update for cacti SUSE-SA:2007:007 File : nvt/gb_suse_2007_007.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200408-21 (cacti) File : nvt/glsa_200408_21.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200506-20 (cacti) File : nvt/glsa_200506_20.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-23 (cacti) File : nvt/glsa_200701_23.nasl |
2008-09-04 | Name : FreeBSD Ports: cacti File : nvt/freebsd_cacti.nasl |
2008-09-04 | Name : FreeBSD Ports: cacti File : nvt/freebsd_cacti3.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1250-1 (cacti) File : nvt/deb_1250_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 764-1 (cacti) File : nvt/deb_764_1.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | cacti graph_image arbitrary command execution attempt RuleID : 8712 - Type : SERVER-WEBAPP - Revision : 7 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-03-03 | Name: The remote web server is running a PHP application that is affected by multip... File: cacti_086e_vcheck.nasl - Type: ACT_GATHER_INFO |
2010-02-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1954.nasl - Type: ACT_GATHER_INFO |
2007-11-26 | Name: The remote Fedora host is missing a security update. File: fedora_2007-3683.nasl - Type: ACT_GATHER_INFO |
2007-11-06 | Name: The remote Fedora host is missing a security update. File: fedora_2007-2199.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote openSUSE host is missing a security update. File: suse_cacti-2447.nasl - Type: ACT_GATHER_INFO |
2007-02-18 | Name: The remote host is missing a vendor-supplied security patch File: suse_SA_2007_007.nasl - Type: ACT_GATHER_INFO |
2007-02-09 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200701-23.nasl - Type: ACT_GATHER_INFO |
2007-01-26 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1250.nasl - Type: ACT_GATHER_INFO |
2007-01-02 | Name: The remote web server contains a PHP script that allows arbitrary command exe... File: cacti_cmd_php_cmd_exec.nasl - Type: ACT_ATTACK |
2005-07-21 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-764.nasl - Type: ACT_GATHER_INFO |
2005-06-23 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200506-20.nasl - Type: ACT_GATHER_INFO |
2005-06-22 | Name: The remote web server is running a PHP application that is affected by a loca... File: cacti_086e.nasl - Type: ACT_ATTACK |
2004-08-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200408-21.nasl - Type: ACT_GATHER_INFO |