Package "cacti"
Name: cacti
Description: web interface for graphing of monitoring systems
Latest version: 0.8.8b+dfsg-5ubuntu0.2
Release: trusty (14.04)
Level: updates
Repository: universe
Homepage: http://www.cacti.net/
Changelog
cacti (0.8.8b+dfsg-5ubuntu0.2) trusty-security; urgency=medium
  * Security update (backport patches from upstream)
    - CVE-2014-4000 - PHP Object Injection Vulnerabilities
    - CVE-2015-4634 - SQL injection vulnerability in graphs.php
    - CVE-2015-8369 - SQL injection vulnerability in
      include/top_graph_header.php
    - CVE-2015-8377 - SQL injection vulnerability in host_new_graphs_save
    - CVE-2015-8604 - SQL injection vulnerability in host_new_graphs
    - CVE-2016-2313 - auth_login.php access restrictions could be bypassed
    - CVE-2016-3172 - SQL injection vulnerability in tree.php
    - CVE-2016-3659 - SQL injection vulnerability in graph_view.php
 -- Paul Gevers <email address hidden> Sat, 11 Feb 2017 14:51:18 +0100
CVE-2014-4000: PHP Object Injection Vulnerabilities
CVE-2015-4634: SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id par
CVE-2015-8369: SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via
CVE-2015-8377: SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to e
CVE-2015-8604: SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execut
CVE-2016-2313: auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging
CVE-2016-3172: SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the paren
CVE-2016-3659: SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group

cacti (0.8.8b+dfsg-5ubuntu0.1) trusty-security; urgency=medium
  * Security update (LP: #1210822):
    - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
      before 0.8.8d allows remote attackers to inject arbitrary web script
      or HTML via unspecified vectors.
    - CVE-2015-4342 SQL Injection and Location header injection from cdef
      id
    - CVE-2015-4454 SQL injection vulnerability in the
      get_hash_graph_template function in lib/functions.php in Cacti before
      0.8.8d allows remote attackers to execute arbitrary SQL commands via
      the graph_template_id parameter to graph_templates.php.
    - Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
    - CVE-2014-5261 Insufficient input sanitation leads to shell command
      injection possibilities
    - CVE-2014-5262 Incomplete and incorrect input parsing leads to SQL
      injection attack scenarios
    - CVE-2014-5025 Cross Site Scripting Vulnerability
    - CVE-2014-5026 Cross Site Scripting Vulnerability
    - CVE-2014-5043 Cross Site Scripting Vulnerability
    - CVE-2014-2327 Cross Site Request Forgery Vulnerability
    - CVE-2014-4002 Cross-Site Scripting Vulnerability
 -- Paul Gevers Sat, 27 Jun 2015 14:25:12 +0200
1210822: Please backport cacti security fixes
CVE-2015-2665: Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vector
CVE-2015-4342: SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef
CVE-2015-4454: SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute ar
CVE-2014-5261: The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharac
CVE-2014-5262: SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrar
CVE-2014-5025: Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrar
CVE-2014-5026: Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web scri
CVE-2014-5043: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed th
CVE-2014-2327: Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users fo
CVE-2014-4002: Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_act