ALT-PU-2017-1195-1
Closed vulnerabilities
Published: 2017-11-15
Modified: 2024-11-21
CVE-2014-4000
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
Severity: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://forums.cacti.net/viewtopic.php?f=4&t=56794
- GLSA-201711-10
- https://security-tracker.debian.org/tracker/CVE-2014-4000
- https://www.cacti.net/release_notes_1_0_0.php
Published: 2017-11-24
Modified: 2024-11-21
CVE-2016-10700
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.
Severity: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://bugs.cacti.net/view.php?id=2697
- http://www.cacti.net/release_notes_1_0_0.php
- https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846
- https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=2697