- EPSS 4.25%
- Veröffentlicht 08.11.2017 05:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
CVE-2017-16661
- EPSS 1.47%
- Veröffentlicht 08.11.2017 05:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /e...
- EPSS 3.2%
- Veröffentlicht 07.11.2017 20:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2017-15194
- EPSS 1.07%
- Veröffentlicht 11.10.2017 01:32:54
- Zuletzt bearbeitet 13.05.2026 00:24:29
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
CVE-2017-12978
- EPSS 0.79%
- Veröffentlicht 21.08.2017 07:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
CVE-2017-12927
- EPSS 1.37%
- Veröffentlicht 18.08.2017 02:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
CVE-2017-12065
- EPSS 2.92%
- Veröffentlicht 01.08.2017 05:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
CVE-2017-12066
- EPSS 1.42%
- Veröffentlicht 01.08.2017 05:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: th...
CVE-2017-11691
- EPSS 1.99%
- Veröffentlicht 27.07.2017 06:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
CVE-2017-1000031
- EPSS 1.39%
- Veröffentlicht 17.07.2017 13:18:16
- Zuletzt bearbeitet 13.05.2026 00:24:29
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.