Cacti

cacti

Vendor: Cacti • 137 CVEs

CVEs (137)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-8377 1Cacti 1Cacti May 6, 2026 Dec 15, 2015 N/A· v4 N/A· v3 6.5 MEDIUM· v2 SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the select...Show more SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.Show less
CVE-2015-4634 1Cacti 1Cacti May 6, 2026 Aug 11, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.
CVE-2015-2967 1Cacti 1Cacti May 6, 2026 Jul 10, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-4454 2Cacti Fedoraproject 2Cacti Fedora May 6, 2026 Jun 17, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templ...Show more SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.Show less
CVE-2015-4342 2Cacti Fedoraproject 2Cacti Fedora May 6, 2026 Jun 17, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.
CVE-2015-2665 2Cacti Fedoraproject 2Cacti Fedora May 6, 2026 Jun 17, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0916 1Cacti 1Cacti May 6, 2026 May 22, 2015 N/A· v4 N/A· v3 6.5 MEDIUM· v2 SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035.
CVE-2014-5026 3Cacti DebianOpensuse 3Cacti Debian LinuxOpensuse May 6, 2026 Oct 20, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (...Show more Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action.Show less
CVE-2014-5025 3Cacti DebianOpensuse 3Cacti Debian LinuxOpensuse May 6, 2026 Oct 20, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.
CVE-2014-5262 1Cacti 1Cacti May 6, 2026 Aug 22, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-5261 1Cacti 1Cacti May 6, 2026 Aug 22, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.
CVE-2014-4002 2Cacti Opensuse 2Cacti Opensuse May 6, 2026 Jul 3, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4...Show more Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php.Show less
CVE-2014-2709 2Cacti Debian 2Cacti Debian Linux May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.
CVE-2014-2328 4Cacti DebianFedoraproject+1 more 4Cacti Debian LinuxFedora+1 more May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
CVE-2014-2327 3Cacti DebianOpensuse 3Cacti Debian LinuxOpensuse May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify bin...Show more Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.Show less
CVE-2014-2708 1Cacti 1Cacti May 6, 2026 Apr 10, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_...Show more Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter.Show less
CVE-2014-2326 4Cacti DebianFedoraproject+1 more 4Cacti Debian LinuxFedora+1 more May 6, 2026 Mar 27, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5589 3Cacti DebianOpensuse 3Cacti Debian LinuxOpensuse Apr 29, 2026 Aug 29, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-5588 2Cacti Opensuse 2Cacti Opensuse Apr 29, 2026 Aug 29, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cac...Show more Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.Show less
CVE-2013-1435 1Cacti 1Cacti Apr 29, 2026 Aug 23, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

Previous 1 2 3 4 567 Next