FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  369793
Date:      2014-10-02
Time:      01:06:43Z
Committer: bdrewery

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b3b8d491-0fbb-11e3-8c50-1c6f65c11ee6cacti -- allow remote attackers to execute arbitrary SQL commands

Cacti release reports:

Multiple security vulnerabilities have been fixed:

  • SQL injection vulnerabilities

Discovery 2013-08-06
Entry 2013-08-29
cacti
lt 0.8.8b

CVE-2013-1434
CVE-2013-1435
http://www.cacti.net/release_notes_0_8_8b.php
f08e2c15-ffc9-11e0-b0f3-bcaec565249ccacti -- Multiple vulnabilites

Cacti Group reports:

SQL injection issue with user login, and cross-site scripting issues.


Discovery 2011-09-26
Entry 2011-10-26
cacti
lt 0.8.7h

http://www.cacti.net/release_notes_0_8_7h.php
f08e2c15-ffc9-11e0-b0f3-bcaec565249ccacti -- Multiple vulnabilites

Cacti Group reports:

SQL injection issue with user login, and cross-site scripting issues.


Discovery 2011-09-26
Entry 2011-10-26
cacti
lt 0.8.7h

http://www.cacti.net/release_notes_0_8_7h.php
5198ef84-4fdc-11df-83fb-0015587e2cc1cacti -- SQL injection and command execution vulnerabilities

Bonsai information security reports:

A Vulnerability has been discovered in Cacti, which can be exploited by any user to conduct SQL Injection attacks. Input passed via the "export_item_id" parameter to "templates_export.php" script is not properly sanitized before being used in a SQL query.

The same source also reported a command execution vulnerability. This second issue can be exploited by Cacti users who have the rights to modify device or graph configurations.


Discovery 2010-04-21
Entry 2010-04-24
Modified 2013-06-16
cacti
le 0.8.7e4

CVE-2010-1431
ports/146021
http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php
http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-sql-injection-0104.php
http://www.debian.org/security/2010/dsa-2039
e02e6a4e-6b26-11df-96b2-0015587e2cc1cacti -- multiple vulnerabilities

Multiple vulnerabilities have been reported to exist in older version of Cacti. The release notes of Cacti 0.8.7f summarizes the problems as follows:

  • SQL injection and shell escaping issues
  • Cross-site scripting issues
  • Cacti Graph Viewer SQL injection vulnerability

Discovery 2010-05-24
Entry 2010-06-24
cacti
lt 0.8.7f

http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html
http://www.cacti.net/release_notes_0_8_7f.php
http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php
http://www.vupen.com/english/advisories/2010/1204
e02e6a4e-6b26-11df-96b2-0015587e2cc1cacti -- multiple vulnerabilities

Multiple vulnerabilities have been reported to exist in older version of Cacti. The release notes of Cacti 0.8.7f summarizes the problems as follows:

  • SQL injection and shell escaping issues
  • Cross-site scripting issues
  • Cacti Graph Viewer SQL injection vulnerability

Discovery 2010-05-24
Entry 2010-06-24
cacti
lt 0.8.7f

http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html
http://www.cacti.net/release_notes_0_8_7f.php
http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php
http://www.vupen.com/english/advisories/2010/1204