FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
6167b341-250c-11e6-a6fb-003048f2e514 | cacti -- multiple vulnerabilities

The Cacti Group, Inc. reports:

Changelog

  • bug:0002667: Cacti SQL Injection Vulnerability
  • bug:0002673: CVE-2016-3659 - Cacti graph_view.php SQL Injection Vulnerability
  • bug:0002656: Authentication using web authentication as a user not in the cacti database allows complete access (regression)

Discovery 2016-04-04
Entry 2016-05-28
cacti
< 0.8.8h

CVE-2016-3659
http://www.cacti.net/release_notes_0_8_8h.php
http://bugs.cacti.net/view.php?id=2673
http://seclists.org/fulldisclosure/2016/Apr/4
http://packetstormsecurity.com/files/136547/Cacti-0.8.8g-SQL-Injection.html

db3301be-e01c-11e5-b2bd-002590263bf5 | cacti -- multiple vulnerabilities

The Cacti Group, Inc. reports:

Changelog

  • bug:0002652: CVE-2015-8604: SQL injection in graphs_new.php
  • bug:0002655: CVE-2015-8377: SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php
  • bug:0002656: Authentication using web authentication as a user not in the cacti database allows complete access

Discovery 2016-02-21
Entry 2016-03-02
cacti
< 0.8.8g

CVE-2015-8377
CVE-2015-8604
CVE-2016-2313
http://www.cacti.net/release_notes_0_8_8g.php
http://bugs.cacti.net/view.php?id=2652
http://bugs.cacti.net/view.php?id=2655
http://bugs.cacti.net/view.php?id=2656
http://www.openwall.com/lists/oss-security/2016/02/09/3

cd2dc126-cfe4-11ea-9172-4c72b94353b5 | Cacti -- multiple vulnerabilities

Cacti developers report:

Multiple fixes for bundled jQuery to prevent code exec (CVE-2020-11022, CVE-2020-11023).

PHPMail contains an escaping bug (CVE-2020-13625).

SQL Injection via color.php in Cacti (CVE-2020-14295).


Discovery 2020-07-15
Entry 2020-07-27
cacti
< 1.2.13

https://www.cacti.net/release_notes.php?version=1.2.13
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295
CVE-2020-11022
CVE-2020-11023
CVE-2020-13625
CVE-2020-14295

e1cb9dc9-daa9-44db-adde-e94d900e2f7f | cacti -- Cross Site Scripting issue

cacti developers report:

The file include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.


Discovery 2017-10-10
Entry 2017-10-19
cacti
< 1.1.26

http://www.securitytracker.com/id/1039569
https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd
https://github.com/Cacti/cacti/issues/1010
CVE-2017-15194

ed18aa92-e4f4-11e9-b6fa-3085a9a95629 | cacti -- Authenticated users may bypass authorization checks

The cacti developers report:

In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.


Discovery 2019-09-23
Entry 2019-10-02
cacti
< 1.2.7

CVE-2019-16723
https://github.com/Cacti/cacti/releases/tag/release%2F1.2.7

db570002-ce06-11e7-804e-c85b763a2f96 | cacti -- multiple vulnerabilities

cacti reports:

Changelog

issue#1057: CVE-2017-16641 - Potential vulnerability in RRDtool functions

issue#1066: CVE-2017-16660 in remote_agent.php logging function

issue#1066: CVE-2017-16661 in view log file

issue#1071: CVE-2017-16785 in global_session.php Reflection XSS


Discovery 2017-11-01
Entry 2017-11-20
cacti
< 1.1.28

CVE-2017-16641
CVE-2017-16660
CVE-2017-16661
CVE-2017-16785
https://sourceforge.net/p/cacti/mailman/message/36122745/

0bfda05f-2e6f-11e5-a4a5-002590263bf5 | cacti -- Multiple XSS and SQL injection vulnerabilities

The Cacti Group, Inc. reports:

Important Security Fixes

  • Multiple XSS and SQL injection vulnerabilities
  • CVE-2015-4634 - SQL injection in graphs.php

Changelog

  • bug: Fixed various SQL Injection vectors
  • bug#0002574: SQL Injection Vulnerabilities in graph items and graph template items
  • bug#0002577: CVE-2015-4634 - SQL injection in graphs.php
  • bug#0002579: SQL Injection Vulnerabilities in data sources
  • bug#0002580: SQL Injection in cdef.php
  • bug#0002582: SQL Injection in data_templates.php
  • bug#0002583: SQL Injection in graph_templates.php
  • bug#0002584: SQL Injection in host_templates.php

Discovery 2015-07-12
Entry 2015-07-20
cacti
< 0.8.8e

CVE-2015-4634
ports/201702
http://www.cacti.net/release_notes_0_8_8e.php
http://seclists.org/oss-sec/2015/q3/150

bb961ff3-b3a4-11e5-8255-5453ed2e2b49 | cacti -- SQL injection vulnerabilities

NVD reports:

SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.


Discovery 2015-12-05
Entry 2016-01-05
cacti
<= 0.8.8f_1

CVE-2015-8369
http://bugs.cacti.net/view.php?id=2646
http://svn.cacti.net/viewvc?view=rev&revision=7767
http://seclists.org/fulldisclosure/2015/Dec/8

86224a04-26de-11ea-97f2-001a8c5c04b6 | cacti -- multiple vulnerabilities

The cacti developers report:

When viewing graphs, some input variables are not properly checked (SQL injection possible).

Multiple instances of lib/functions.php are affected by unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.


Discovery 2019-10-12
Entry 2020-01-06
cacti
< 1.2.8

https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8
CVE-2019-17357
CVE-2019-17358
ports/242834

a3929112-181b-11e5-a1cf-002590263bf5 | cacti -- Multiple XSS and SQL injection vulnerabilities

The Cacti Group, Inc. reports:

Important Security Fixes

  • Multiple XSS and SQL injection vulnerabilities

Changelog

  • bug: Fixed SQL injection VN: JVN#78187936 / TN:JPCERT#98968540
  • bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification
  • bug#0002571: SQL Injection and Location header injection from cdef id CVE-2015-4342
  • bug#0002572: SQL injection in graph template

Discovery 2015-06-09
Entry 2015-06-21
cacti
< 0.8.8d

CVE-2015-4342
ports/200963
http://www.cacti.net/release_notes_0_8_8d.php
http://seclists.org/fulldisclosure/2015/Jun/19

cd864f1a-8e5a-11ea-b5b4-641c67a117d8 | cacti -- XSS exposure

Cacti developer reports:

Lack of escaping of color items can lead to XSS exposure.


Discovery 2020-04-16
Entry 2020-05-04
cacti
< 1.2.12

https://sourceforge.net/p/cacti/mailman/message/37000502/
https://github.com/Cacti/cacti/blob/release/1.2.12/CHANGELOG
CVE-2020-7106
ports/246164

e2b564fc-7462-11ea-af63-38d547003487 | cacti -- multiple vulnerabilities

The Cacti developers report:

When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813).

Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106).

Remote Code Execution due to input validation failure in Performance Boost Debug Log (CVE-2020-7237).


Discovery 2020-02-04
Entry 2020-04-02
cacti
< 1.2.10

https://github.com/Cacti/cacti/releases/tag/release%2F1.2.10
https://nvd.nist.gov/vuln/detail/CVE-2020-8813
https://nvd.nist.gov/vuln/detail/CVE-2020-7106
https://nvd.nist.gov/vuln/detail/CVE-2020-7237
CVE-2020-8813
CVE-2020-7106
CVE-2020-7237
ports/245198

59c284f4-8d2e-11ed-9ce0-b42e991fc52e | net-mgmt/cacti is vulnerable to remote command injection

cacti team reports:

A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device.


Discovery 2022-12-05
Entry 2023-01-05
Modified 2023-01-09
cacti
< 1.2.23

CVE-2022-46169
https://nvd.nist.gov/vuln/detail/CVE-2022-46169