All errata/sisyphus/ALT-PU-2014-1594-1
ALT-PU-2014-1594-1

Package update cacti in branch sisyphus

Version0.8.8b-alt2
Task#119273
Published2014-05-06
Max severityHIGH
Severity:

Closed issues (4)

CVE-2014-2326
MEDIUM4.3

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: 2014-03-27Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
References
CVE-2014-2328
MEDIUM6.5

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

Published: 2014-04-23Modified: 2025-04-12
CVSS 2.0MEDIUM 6.5
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P
References
CVE-2014-2708
HIGH7.5

Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter.

Published: 2014-04-10Modified: 2025-04-12
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
References
CVE-2014-2709
HIGH7.5

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.

Published: 2014-04-23Modified: 2025-04-12
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
References