Filtered by vendor Cacti
Subscribe
Total
135 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39360 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-03-18 | N/A | 6.1 MEDIUM |
| Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are performed, but the `returnto` parameter is directly passed to `form_save_button`. In order to bypass this validation, returnto must contain `host.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | |||||
| CVE-2023-46490 | 1 Cacti | 1 Cacti | 2023-11-13 | N/A | 6.5 MEDIUM |
| SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function. | |||||
| CVE-2023-39512 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2023-11-09 | N/A | 4.8 MEDIUM |
| Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_sources.php` displays the data source management information (e.g. data source path, polling configuration, device name related to the datasource etc.) for different data visualizations of the _cacti_ app. _CENSUS_ found that an adversary that is able to configure a malicious device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | |||||
| CVE-2023-39510 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2023-11-09 | N/A | 4.8 MEDIUM |
| Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The`reports_admin.php` script displays reporting information about graphs, devices, data sources etc. CENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when the a graph with the maliciously altered device name is linked to the report. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | |||||
| CVE-2023-39366 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2023-11-09 | N/A | 4.8 MEDIUM |
| Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | |||||
| CVE-2023-39359 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2023-11-09 | N/A | 8.8 HIGH |
| Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `graphs.php` file. When dealing with the cases of ajax_hosts and ajax_hosts_noany, if the `site_id` parameter is greater than 0, it is directly reflected in the WHERE clause of the SQL statement. This creates an SQL injection vulnerability. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-37543 | 1 Cacti | 1 Cacti | 2023-11-07 | N/A | 7.5 HIGH |
| Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723. | |||||
| CVE-2020-8813 | 5 Cacti, Debian, Fedoraproject and 2 more | 6 Cacti, Debian Linux, Fedora and 3 more | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
| graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. | |||||
| CVE-2020-7106 | 5 Cacti, Debian, Fedoraproject and 2 more | 8 Cacti, Debian Linux, Extra Packages For Enterprise Linux and 5 more | 2023-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | |||||
| CVE-2020-7237 | 1 Cacti | 1 Cacti | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. | |||||
| CVE-2020-35701 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. | |||||
| CVE-2020-25706 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2023-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field | |||||
| CVE-2020-14295 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. | |||||
| CVE-2020-13230 | 3 Cacti, Debian, Fedoraproject | 3 Cacti, Debian Linux, Fedora | 2023-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). | |||||
| CVE-2020-13231 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. | |||||
| CVE-2019-16723 | 1 Cacti | 1 Cacti | 2023-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. | |||||
| CVE-2016-2313 | 2 Cacti, Opensuse | 3 Cacti, Leap, Opensuse | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. | |||||
| CVE-2010-2543 | 1 Cacti | 1 Cacti | 2023-11-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b. | |||||
| CVE-2023-39358 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2023-11-03 | N/A | 8.8 HIGH |
| Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `reports_user.php` file. In `ajax_get_branches`, the `tree_id` parameter is passed to the `reports_get_branch_select` function without any validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-48538 | 1 Cacti | 1 Cacti | 2023-08-28 | N/A | 5.3 MEDIUM |
| In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password. | |||||