what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Cacti 1.2.26 Remote Code Execution
Posted May 15, 2024
Authored by EgiX | Site karmainsecurity.com

Cacti versions 1.2.26 and below suffer from a remote code execution execution vulnerability in import.php.

tags | exploit, remote, php, code execution
advisories | CVE-2024-25641
SHA-256 | 86b50d4574919755d30f44ebc0972085ad39e9820171813614fe42cf0df9f937

Related Files

Gentoo Linux Security Advisory 202007-03
Posted Jul 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202007-3 - Multiple vulnerabilities have been found in Cacti, the worst of which could result in the arbitrary execution of code. Versions less than 1.2.13 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-11022, CVE-2020-11023, CVE-2020-14295
SHA-256 | b91c68deb806affd52aaef7ec8de220f22efb4b1fd563f5e4c88378a9d9c35b7
Gentoo Linux Security Advisory 202004-16
Posted May 1, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202004-16 - Multiple vulnerabilities have been found in Cacti, the worst of which could result in the arbitrary execution of code. Versions less than 1.2.11 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-8813
SHA-256 | a6c29ffd3873fdfd7fee07eb84119f4e33133b4087c3065b62c2d4a43a108602
Gentoo Linux Security Advisory 202003-40
Posted Mar 19, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-40 - Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.2.9 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-16723, CVE-2019-17357, CVE-2019-17358, CVE-2020-7106, CVE-2020-7237
SHA-256 | 18820d432372c5b6516503158ba086e9364adae96c8c9b019f11b9098c36d8e2
Cacti 1.2.8 Unauthenticated Remote Code Execution
Posted Mar 2, 2020
Authored by Lucas Amorim | Site metasploit.com

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie if a guest user has the graph real-time privilege.

tags | exploit, remote, arbitrary, shell, php
advisories | CVE-2020-8813
SHA-256 | ddfd448fc925b28a03aaba73be8f9999625bb6879802ec1b4e35f2eeef4e1d87
Cacti 1.2.8 Authenticated Remote Code Execution
Posted Feb 26, 2020
Authored by Askar

Cacti version 1.2.8 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-8813
SHA-256 | 56cc6422c5477bd9cb39748c97408cbda4d9c2b376cadcbfd9f1e8930b549790
Cacti 1.2.8 Unauthenticated Remote Code Execution
Posted Feb 26, 2020
Authored by Askar

Cacti version 1.2.8 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-8813
SHA-256 | b14631bfc6fe1d158869f68e3d4b39c3a7081d27db7f6278239eea4c70b81555
Debian Security Advisory 4604-1
Posted Jan 19, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4604-1 - Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users.

tags | advisory, code execution, info disclosure
systems | linux, debian
advisories | CVE-2019-16723, CVE-2019-17357, CVE-2019-17358
SHA-256 | c836c6f62d15e9ea4276158e276f15bdd9c0fb0c16c3a9003db467b258cc2713
Gentoo Linux Security Advisory 201711-10
Posted Nov 13, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201711-10 - Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.1.20:1.1.20 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-4000, CVE-2016-2313, CVE-2017-12065
SHA-256 | 97704550c4ba8ab019b2d037f4857d6a56a9554e0fa2a554f38dfe3205a6fc63
Cacti 0.8.8g SQL Injection
Posted Apr 5, 2016
Authored by Xiaotian Wang

Cacti versions 0.8.8g and below remote SQL injection exploit.

tags | exploit, remote, sql injection
advisories | CVE-2016-3659
SHA-256 | 694fb314b7fd9974acdf0ba7228bc6585d81d00e7d0e2d855c470dd4db4fe97c
Debian Security Advisory 3494-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3494-1 - Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphs_new.php script to execute arbitrary SQL commands on the database.

tags | advisory, web, arbitrary, php, vulnerability, sql injection
systems | linux, debian
advisories | CVE-2015-8377, CVE-2015-8604
SHA-256 | 97808cf3529875d4bcd54cfdad0de8a01c508d89587d889ac02eab545d374b0b
Cacti 0.8.8f graphs_new.php SQL Injection
Posted Jan 9, 2016
Authored by changzhao.mao

Cacti versions 0.8.8f and below suffer from a remote SQL injection vulnerability in graphs_new.php.

tags | exploit, remote, php, sql injection
advisories | CVE-2015-8604
SHA-256 | a78b6681709c8cc20f7d107b4b963d37f859192b55999eb8a655eb58c5f6c5c4
Debian Security Advisory 3423-1
Posted Dec 17, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3423-1 - Several SQL injection vulnerabilities have been discovered in Cacti, an RRDTool frontend written in PHP. Specially crafted input can be used by an attacker in the rra_id value of the graph.php script to execute arbitrary SQL commands on the database.

tags | advisory, arbitrary, php, vulnerability, sql injection
systems | linux, debian
advisories | CVE-2015-8369
SHA-256 | c27b03bedc1d4f86e3ff26013e506674b7a595b483450b54fc20acb03aa88410
Cacti 0.8.8f SQL Injection
Posted Dec 9, 2015
Authored by changzhao.mao

Cacti versions 0.8.8f and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-8369
SHA-256 | 9360ec416bde873ec1d7ef3ca752240e463cf1396011ebe65a86a035905bb4a3
Gentoo Linux Security Advisory 201509-03
Posted Sep 25, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201509-3 - Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. Versions less than 0.8.8d are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-2326, CVE-2014-2327, CVE-2014-2328, CVE-2014-2708, CVE-2014-2709, CVE-2014-4002, CVE-2014-5025, CVE-2014-5026, CVE-2015-2967
SHA-256 | 7a4f1dbc306cb7046c88c372fc9d48510bfe0a35ebb5b4a0471b6a480296dc83
Debian Security Advisory 3312-1
Posted Jul 22, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3312-1 - Multiple SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems.

tags | advisory, web, vulnerability, sql injection
systems | linux, debian
advisories | CVE-2015-4634
SHA-256 | d2e58c23e61090e6a0aa8fd736ddfec8ccc03c212a55999fa01140e8ea75c1f7
Debian Security Advisory 3295-1
Posted Jun 25, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3295-1 - Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.

tags | advisory, web, vulnerability, xss, sql injection
systems | linux, debian
advisories | CVE-2015-2665, CVE-2015-4342, CVE-2015-4454
SHA-256 | d2270ddee10b79388cb859232c9460813be0e3e20d67218545961d4dc00d0b4f
Cacti SQL Injection / Header Injection
Posted Jun 9, 2015
Authored by unhex

Cacti versions prior to 0.8.8d suffer from remote SQL injection and header injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2015-4342
SHA-256 | 3e823ac472067243035504e5783afe8875d2bc6dade55e315ed703166b3ea9b8
Cacti Superlinks 1.4-2 Code Execution / LFI / SQL Injection
Posted Dec 20, 2014
Authored by Wireghoul

Cacti Superlinks version 1.4-2 suffers from code execution via local file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, sql injection, file inclusion
advisories | CVE-2014-4644
SHA-256 | 5a23314873f3c7b79647dafc858449285d365137abb907d03a2007a2c4bb40fd
Debian Security Advisory 3007-1
Posted Aug 20, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3007-1 - Multiple security issues (cross-site scripting, missing input sanitising and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.

tags | advisory, web, xss, sql injection
systems | linux, debian
advisories | CVE-2014-5025, CVE-2014-5026, CVE-2014-5027, CVE-2014-5261, CVE-2014-5262
SHA-256 | 4f0e774ab42a6d70a94103e9e8f16df9a32a25d26c01b1a17ccf40a3b0bdc588
Debian Security Advisory 2970-1
Posted Jun 30, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2970-1 - Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool.

tags | advisory, web, xss, sql injection, csrf
systems | linux, debian
advisories | CVE-2014-2326, CVE-2014-2327, CVE-2014-2328, CVE-2014-2708, CVE-2014-2709, CVE-2014-4002
SHA-256 | 67f7c14f82e222e1693697e3659a72b9ae669ebe3fb08bb51ed5f7d72102d52e
Deutsche Telekom CERT Advisory DTC-A-20140324-001
Posted Mar 25, 2014
Authored by Deutsche Telekom CERT

Cacti version 0.8.7g suffers from stored cross site scripting, cross site request forgery, and possible command execution vulnerabilities.

tags | advisory, vulnerability, xss, csrf
advisories | CVE-2014-2326, CVE-2014-2327, CVE-2014-2328
SHA-256 | a60f85a2d28f7d6505f3ecacf176ca9ddaef9f4003db247563075b71d7f4162d
Gentoo Linux Security Advisory 201401-20
Posted Jan 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-20 - Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. Versions less than 0.8.8b are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-1644, CVE-2010-1645, CVE-2010-2092, CVE-2010-2543, CVE-2010-2544, CVE-2010-2545, CVE-2013-1434, CVE-2013-1435
SHA-256 | 60e499dc878470aef030b4e84ae80fe629bbd4de79b08c73333effba0110f1fd
Mandriva Linux Security Advisory 2013-228
Posted Sep 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-228 - Multiple cross-site scripting vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via the id parameter to cacti/host.php. SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, arbitrary, php, vulnerability, xss, sql injection
systems | linux, mandriva
advisories | CVE-2013-5588, CVE-2013-5589
SHA-256 | 95f155644671c729e416471b25c911bf5820a78f517686f57cbaaca0cf7aee39
HP SiteScope Remote Code Execution
Posted Sep 9, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP SiteScope. The vulnerability exists on the opcactivate.vbs script, which is reachable from the APIBSMIntegrationImpl AXIS service, and uses WScript.Shell.run() to execute cmd.exe with user provided data. Note which the opcactivate.vbs component is installed with the (optional) HP Operations Agent component. The module has been tested successfully on HP SiteScope 11.20 (with HP Operations Agent) over Windows 2003 SP2.

tags | exploit, shell, code execution
systems | windows
advisories | CVE-2013-2367, OSVDB-95824
SHA-256 | 02888ebdda6dc97a16fcb507f825f9cfbf26bc98824bc1efc03e5b0ff9d28b2f
Debian Security Advisory 2747-1
Posted Aug 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2747-1 - Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-5588, CVE-2013-5589
SHA-256 | 5cff70381259ac904ac31e8d328da100be3280ec8d318231c9f20a320d7da4ad
Page 1 of 4
Back1234Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close