Information on source package cacti

Available versions

| Release | Version |
|---|---|
| jessie | 0.8.8b+dfsg-8+deb8u6 |
| jessie (security) | 0.8.8b+dfsg-8+deb8u4 |
| stretch | 0.8.8h+ds1-10 |
| buster | 1.1.38+ds1-1 |
| sid | 1.1.38+ds1-1 |

Open issues

| Bug | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|
| CVE-2018-10061 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars ... |
| CVE-2018-10060 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Cacti before 1.1.37 has XSS because it does not properly reject ... |
| CVE-2017-16641 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ... |
| CVE-2017-1000031 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | SQL injection vulnerability in graph_templates_inputs.php in Cacti ... |

Open unimportant issues

| Bug | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|
| CVE-2009-4112 | vulnerable | vulnerable | vulnerable | vulnerable | Cacti 0.8.7e and earlier allows remote authenticated administrators to ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0000000-F6033C | SQL Injection in data_templates.php |
| TEMP-0000000-F32736 | SQL Injection Vulnerability in graph items and graph template items |
| TEMP-0000000-EFA573 | SQL Injection Vulnerability in data sources |
| TEMP-0000000-E43D47 | SQL Injection in cdef.php |
| TEMP-0000000-AA638E | SQL Injection in graph_templates.php |
| TEMP-0000000-018938 | SQL Injection in host_templates.php |
| CVE-2018-10059 | Cacti before 1.1.37 has XSS because the get_current_page function in ... |
| CVE-2017-16785 | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. ... |
| CVE-2017-16661 | Cacti 1.1.27 allows remote authenticated administrators to read ... |
| CVE-2017-16660 | Cacti 1.1.27 allows remote authenticated administrators to conduct ... |
| CVE-2017-15194 | include/global_session.php in Cacti 1.1.25 has XSS related to (1) the ... |
| CVE-2017-12978 | lib/html.php in Cacti before 1.1.18 has XSS via the title field of an ... |
| CVE-2017-12927 | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the ... |
| CVE-2017-12066 | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ... |
| CVE-2017-12065 | spikekill.php in Cacti before 1.1.16 might allow remote attackers to ... |
| CVE-2017-11691 | Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti ... |
| CVE-2017-11163 | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ... |
| CVE-2017-10970 | Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 ... |
| CVE-2017-1000032 | Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow ... |
| CVE-2016-3659 | SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows ... |
| CVE-2016-3172 | SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier ... |
| CVE-2016-2313 | auth_login.php in Cacti before 0.8.8g allows remote authenticated ... |
| CVE-2016-10700 | auth_login.php in Cacti before 1.0.0 allows remote authenticated users ... |
| CVE-2015-8604 | SQL injection vulnerability in the host_new_graphs function in ... |
| CVE-2015-8377 | SQL injection vulnerability in the host_new_graphs_save function in ... |
| CVE-2015-8369 | SQL injection vulnerability in include/top_graph_header.php in Cacti ... |
| CVE-2015-4634 | SQL injection vulnerability in graphs.php in Cacti before 0.8.8e ... |
| CVE-2015-4454 | SQL injection vulnerability in the get_hash_graph_template function in ... |
| CVE-2015-4342 | SQL injection vulnerability in Cacti before 0.8.8d allows remote ... |
| CVE-2015-2967 | Cross-site scripting (XSS) vulnerability in settings.php in Cacti ... |
| CVE-2015-2665 | Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows ... |
| CVE-2015-0916 | SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows ... |
| CVE-2014-5262 | SQL injection vulnerability in the graph settings script ... |
| CVE-2014-5261 | The graph settings script (graph_settings.php) in Cacti 0.8.8b and ... |
| CVE-2014-5026 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b ... |
| CVE-2014-5025 | Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti ... |
| CVE-2014-4002 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b ... |
| CVE-2014-4000 | Cacti before 1.0.0 allows remote authenticated users to conduct PHP ... |
| CVE-2014-2709 | lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote ... |
| CVE-2014-2708 | Multiple SQL injection vulnerabilities in graph_xport.php in Cacti ... |
| CVE-2014-2328 | lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows ... |
| CVE-2014-2327 | Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, ... |
| CVE-2014-2326 | Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, ... |
| CVE-2013-7464 | In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not ... |
| CVE-2013-5589 | SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and ... |
| CVE-2013-5588 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b ... |
| CVE-2013-1435 | (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote ... |
| CVE-2013-1434 | Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) ... |
| CVE-2011-5223 | Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti ... |
| CVE-2011-4824 | SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h ... |
| CVE-2010-2545 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti before ... |
| CVE-2010-2544 | Cross-site scripting (XSS) vulnerability in utilities.php in Cacti ... |
| CVE-2010-2543 | Cross-site scripting (XSS) vulnerability in ... |
| CVE-2010-2092 | SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier ... |
| CVE-2010-1645 | Cacti before 0.8.7f, as used in Red Hat High Performance Computing ... |
| CVE-2010-1644 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti before ... |
| CVE-2010-1431 | SQL injection vulnerability in templates_export.php in Cacti 0.8.7e ... |
| CVE-2009-4032 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e ... |
| CVE-2008-0786 | CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 ... |
| CVE-2008-0785 | Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b ... |
| CVE-2008-0784 | graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows ... |
| CVE-2008-0783 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 ... |
| CVE-2007-6035 | SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows ... |
| CVE-2007-3113 | Cacti 0.8.6i, and possibly other versions, allows remote authenticated ... |
| CVE-2007-3112 | graph_image.php in Cacti 0.8.6i, and possibly other versions, allows ... |
| CVE-2006-6799 | SQL injection vulnerability in Cacti 0.8.6i and earlier, when ... |
| CVE-2006-0806 | Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as ... |
| CVE-2006-0410 | SQL injection vulnerability in ADOdb before 4.71, when using ... |
| CVE-2006-0147 | Dynamic code evaluation vulnerability in tests/tmssql.php test script ... |
| CVE-2006-0146 | The server.php test script in ADOdb for PHP before 4.70, as used in ... |
| CVE-2005-2149 | config.php in Cacti 0.8.6e and earlier allows remote attackers to set ... |
| CVE-2005-2148 | Cacti 0.8.6e and earlier does not perform proper input validation to ... |
| CVE-2005-1526 | PHP remote file inclusion vulnerability in config_settings.php in ... |
| CVE-2005-1525 | SQL injection vulnerability in config_settings.php for Cacti before ... |
| CVE-2005-1524 | PHP file inclusion vulnerability in top_graph_header.php in Cacti ... |
| CVE-2004-1737 | SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows ... |
| CVE-2004-1736 | Cacti 0.8.5a allows remote attackers to gain sensitive information via ... |
| CVE-2002-1479 | Cacti before 0.6.8 stores a MySQL username and password in plaintext ... |
| CVE-2002-1478 | Cacti before 0.6.8 allows attackers to execute arbitrary commands via ... |
| CVE-2002-1477 | graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-560-2 | cacti - regression update |
| DLA-560-1 | cacti - security update |
| DSA-3494-1 | cacti - security update |
| DLA-386-1 | cacti - security update |
| DLA-374-3 | cacti - regression update |
| DLA-374-2 | cacti - regression update |
| DLA-374-1 | cacti - security update |
| DSA-3423-1 | cacti - security update |
| DSA-3312-1 | cacti - security update |
| DLA-278-2 | cacti - regression update |
| DLA-278-1 | cacti - security update |
| DLA-255-1 | cacti - security update |
| DSA-3295-1 | cacti - security update |
| DLA-40-1 | cacti - security update |
| DSA-3007-1 | cacti - security update |
| DSA-2970-1 | cacti - security update |
| DSA-2747-1 | cacti - several |
| DSA-2739-1 | cacti - several |
| DSA-2384-2 | cacti - several |
| DSA-2384-1 | cacti - several |
| DSA-2060-1 | cacti - SQL injection |
| DSA-2039-1 | cacti - missing input sanitising |
| DSA-1954-1 | cacti - insufficient input sanitising |
| DSA-1569-1 | cacti - multiple vulnerabilities |
| DSA-1418-1 | cacti - SQL injection |
| DSA-1250-1 | cacti |
| DSA-1031-1 | cacti - several |
| DSA-764-1 | cacti - several |
| DSA-164 | cacti - arbitrary code execution |
