what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

Files

Debian Linux Security Advisory 2060-1
Posted Jun 16, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2060-1 - Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, is not properly validating input passed to the rra_id parameter of the graph.php script. Due to checking the input of $_REQUEST but using $_GET input in a query an unauthenticated attacker is able to perform SQL injections via a crafted rra_id $_GET value and an additional valid rra_id $_POST or $_COOKIE value.

tags | advisory, php, sql injection
systems | linux, debian
advisories | CVE-2010-2092
SHA-256 | f67e6f193c2d5a80f90343b329eadfb551cc0916fe75d3cc23a7b852dfaeebe4
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close