Known Vulnerabilities for products from The Cacti Group
Listed below are 15 of the newest known vulnerabilities associated with the vendor "The Cacti Group".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2007-3113 json | Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) v... | 6.8 - MEDIUM | 2007-06-07 | 2017-07-29 |
| CVE-2007-3112 json | graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service ... | 7.8 - HIGH | 2007-06-07 | 2017-07-29 |
| CVE-2006-6799 json | SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execu... | 7.5 - HIGH | 2006-12-28 | 2018-10-17 |
| CVE-2006-0147 json | Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple produ... | 7.5 - HIGH | 2006-01-09 | 2018-10-19 |
| CVE-2006-0146 json | The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3)... | 7.5 - HIGH | 2006-01-09 | 2018-10-19 |
| CVE-2005-2149 json | config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session informa... | 10 - HIGH | 2005-07-06 | 2011-03-08 |
| CVE-2005-2148 json | Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote atta... | 7.5 - HIGH | 2005-07-06 | 2017-07-11 |
| CVE-2005-1526 json | PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbi... | 7.5 - HIGH | 2005-06-22 | 2017-07-11 |
| CVE-2005-1525 json | SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL c... | 7.5 - HIGH | 2005-06-22 | 2017-07-11 |
| CVE-2005-1524 json | PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attacker... | 5 - MEDIUM | 2005-06-22 | 2017-07-11 |
| CVE-2004-1737 json | SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and b... | 7.5 - HIGH | 2004-08-16 | 2017-07-11 |
| CVE-2004-1736 json | Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (... | 5 - MEDIUM | 2004-12-31 | 2017-07-11 |
| CVE-2002-1479 json | Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, whi... | 4.6 - MEDIUM | 2003-04-22 | 2017-07-19 |
| CVE-2002-1478 json | Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode. | 10 - HIGH | 2003-04-22 | 2008-09-05 |
| CVE-2002-1477 json | graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell met... | 7.5 - HIGH | 2003-04-22 | 2008-09-05 |