The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2023-39366 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_\'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim\'s browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | -- | Sep 5, 2023 |
CVE-2023-39515 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti\'s database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim\'s browser at view-time. The script under `data_debug.php` displays data source related debugging information such as _data source paths, polling settings, meta-data on the data source_. _CENSUS_ found that an adversary that is able to configure a malicious data-source path, can deploy a stored XSS attack against any user that has privileges related to viewing the `data_debug.php` information. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the data source path in _cacti_. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | -- | Sep 5, 2023 |
CVE-2023-39361 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | -- | Sep 5, 2023 |
CVE-2023-31132 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | -- | Sep 5, 2023 |
CVE-2023-50250 | Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available. | -- | Dec 22, 2023 |
CVE-2023-39357 | Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prior validation of user input, leading to the existence of multiple SQL injection vulnerabilities in Cacti. This allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | -- | Sep 5, 2023 |
CVE-2023-49084 | Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server. | -- | Dec 21, 2023 |
CVE-2023-49086 | Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code in the attacked user\'s browser. This issue has been patched in version 1.2.26. | -- | Dec 22, 2023 |
CVE-2023-37543 | Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723. | -- | Aug 10, 2023 |
CVE-2020-14424 | Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. | MEDIUM | Nov 14, 2021 |
CVE-2018-10059 | Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. | LOW | Apr 12, 2018 |
CVE-2018-10061 | Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). | LOW | Apr 12, 2018 |
CVE-2018-10060 | Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. | LOW | Apr 12, 2018 |
CVE-2014-4000 | Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). | -- | Nov 15, 2017 |
CVE-2010-1645 | Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template. | Medium | Aug 25, 2010 |
CVE-2020-7106 | Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | MEDIUM | Jan 18, 2020 |
CVE-2020-7237 | Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. | HIGH | Jan 29, 2020 |
CVE-2021-23225 | Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the new_username field during creation of a new user via Copy method at user_admin.php. | LOW | Jan 20, 2022 |
CVE-2021-3816 | Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via Copy method at user_group_admin.php. | LOW | Jan 20, 2022 |
CVE-2017-16785 | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. | MEDIUM | Nov 10, 2017 |
CVE-2017-16661 | Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd. | MEDIUM | Nov 8, 2017 |
CVE-2017-16660 | Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. | HIGH | Nov 8, 2017 |
CVE-2009-4112 | Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the Data Input Method for the Linux - Get Memory Usage setting to contain arbitrary commands. | High | Dec 1, 2009 |
CVE-2020-12857 | Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe. | MEDIUM | May 20, 2020 |
CVE-2023-43661 | Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue. | -- | Oct 11, 2023 |
CVE-2021-39165 | Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator\'s password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it\'s developing 2.4 branch is affected. | MEDIUM | Aug 27, 2021 |
CVE-2021-39174 | Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file. As a workaround, only allow trusted source IP addresses to access to the administration dashboard. | -- | Aug 28, 2021 |
CVE-2021-39172 | Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of new lines characters in new configuration values. As a workaround, only allow trusted source IP addresses to access to the administration dashboard. | -- | Aug 28, 2021 |
CVE-2021-39173 | Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the middleware `ReadyForUse`, which now performs a stricter validation of the instance name. As a workaround, only allow trusted source IP addresses to access to the administration dashboard. | -- | Aug 28, 2021 |
CVE-2023-26441 | Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the services system user account. We have improved path validation and make sure that any access is contained to the defined root directory. No publicly available exploits are known. | -- | Aug 3, 2023 |
CVE-2013-0189 | cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.Per http://www.ubuntu.com/usn/USN-1713-1/ | Medium | Feb 11, 2013 |
CVE-2016-2793 | CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. | MEDIUM | Mar 17, 2016 |
CVE-2013-2217 | cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/. | Low | Sep 24, 2013 |
CVE-2010-0300 | cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a HELP command. | Medium | Feb 5, 2010 |
CVE-2013-5661 | Cache Poisoning issue exists in DNS Response Rate Limiting. | LOW | Nov 8, 2019 |
CVE-2023-26460 | Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity | -- | Mar 14, 2023 |
CVE-2020-6852 | CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required. | HIGH | Apr 2, 2020 |
CVE-2015-2060 | cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash. | MEDIUM | Dec 2, 2019 |
CVE-2017-17601 | Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter. | HIGH | Dec 13, 2017 |
CVE-2010-1222 | CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request. | Medium | Apr 8, 2010 |
CVE-2010-1221 | CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request.Per: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869 \'The first vulnerability, CVE-2010-1221, occurs due to a lack of authentication. An attacker can make a SOAP request to enumerate user names. This vulnerability has a low risk rating and affects r12.0 and r12.5 XOsoft products.\' | Medium | Apr 8, 2010 |
CVE-2012-5973 | CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request. | High | Dec 11, 2012 |
CVE-2018-8954 | CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. | HIGH | Apr 12, 2018 |
CVE-2018-8953 | CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request. | MEDIUM | Apr 12, 2018 |
CVE-2020-28421 | CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. | MEDIUM | Nov 23, 2020 |
CVE-2020-8010 | CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. | HIGH | Feb 19, 2020 |
CVE-2020-8011 | CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash the Controller service. | MEDIUM | Feb 19, 2020 |
CVE-2020-8012 | CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code. | HIGH | Feb 19, 2020 |
CVE-2018-14597 | CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names. | MEDIUM | Oct 18, 2018 |
CVE-2015-2828 | CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data. | High | Apr 13, 2015 |