CVE Tools

the cacti group

Enterprise Softwareoss-project

14

Cumulative CVEs

6

Monthly snapshots

#49

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting the cacti group.

CVE-2007-3113Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter, d...6.8Jun 7, 2007
CVE-2007-3112graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_...7.8Jun 7, 2007
CVE-2006-6799SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to c...7.5Dec 28, 2006
CVE-2006-0147Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaray...7.5Jan 9, 2006
CVE-2006-0146The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and ...7.5Jan 9, 2006
CVE-2005-2149config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL...10.0Jul 6, 2005
CVE-2005-2148Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value...7.5Jul 6, 2005
CVE-2005-1526PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter.7.5Jun 22, 2005
CVE-2005-1525SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.7.5Jun 22, 2005
CVE-2005-1524PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.5.0Jun 22, 2005
CVE-2004-1737SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.7.5Feb 26, 2005
CVE-2004-1736Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal t...5.0Feb 26, 2005
CVE-2002-1479Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly...4.6Sep 1, 2004
CVE-2002-1478Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.10.0Sep 1, 2004
CVE-2002-1477graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.7.5Sep 1, 2004