Branch sisyphus update bulletin.

Package cacti updated to version 0.8.8b-alt2 for branch sisyphus in task 119273.

Published: 2014-03-27
Modified: 2025-04-12

CVE-2014-2326

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Published: 2014-04-23
Modified: 2025-04-12

CVE-2014-2328

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Published: 2014-04-10
Modified: 2025-04-12

CVE-2014-2708

Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2014-04-23
Modified: 2025-04-12

CVE-2014-2709

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Version: 2.1.2

Branch sisyphus update on 2014-05-07

ALT-BU-2014-2755-1

ALT-PU-2014-1594-1

Closed vulnerabilities

CVE-2014-2326

CVE-2014-2328

CVE-2014-2708

CVE-2014-2709