Debian Cacti vulnerabilities

CVE-2018-20724 [MEDIUM] CVE-2018-20724: cacti - A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before... A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. Scope: local bookworm: resolved (fixed in 1.2.1+ds1-1) bullseye: resolved (fixed in 1.2.1+ds1-1) forky: resolved (fixed in 1.2.1+ds1-1) sid: resolved (fixed in 1.2.1+ds1-1) trixie: resolv

CVE-2018-10060 [MEDIUM] CVE-2018-10060: cacti - Cacti before 1.1.37 has XSS because it does not properly reject unintended chara... Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. Scope: local bookworm: resolved (fixed in 1.1.37+ds1-1) bullseye: resolved (fixed in 1.1.37+ds1-1) forky: resolved (fixed in 1.1.37+ds1-1) sid: resolved (fixed in 1.1.37+ds1-1) trixie: resolved (fixed in 1.1.37+ds1-

CVE-2018-20723 [MEDIUM] CVE-2018-20723: cacti - A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cact... A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. Scope: local bookworm: resolved (fixed in 1.2.1+ds1-1) bullseye: resolved (fixed in 1.2.1+ds1-1) forky: resolved (fixed in 1.2.1+ds1-1) sid: resolved (fixed in 1.2.1+ds1-1) trixie: resolved (fi

CVE-2017-12065 [CRITICAL] CVE-2017-12065: cacti - spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arb... spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. Scope: local bookworm: resolved (fixed in 1.1.16+ds1-1) bullseye: resolved (fixed in 1.1.16+ds1-1) forky: resolved (fixed in 1.1.16+ds1-1) sid: resolved (fixed in 1.1.16+ds1-1) trixie: resolved (fixed in 1.1.16+ds1-1)

CVE-2017-16641 [HIGH] CVE-2017-16641: cacti - lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execut... lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. Scope: local bookworm: resolved (fixed in 1.1.27+ds1-3) bullseye: resolved (fixed in 1.1.27+ds1-3) forky: resolved (fixed in 1.1.27+ds1-3) sid: resolved (fixed in 1.1.27+ds1-3) trixie: resolve

CVE-2017-1000031 [HIGH] CVE-2017-1000031: cacti - SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows... SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. Scope: local bookworm: resolved (fixed in 0.8.8e+ds1-1) bullseye: resolved (fixed in 0.8.8e+ds1-1) forky: resolved (fixed in 0.8.8e+ds1-1) sid: resolved (fixed in 0.8.8

CVE-2017-16660 [HIGH] CVE-2017-16660: cacti - Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code E... Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. Scope: local bookworm: resolved (fixed in 1.1.27+ds1-3) bullseye: resolved (fixed in 1.1.27+ds1-3) forky: resolved (fixed in 1.1.27+ds1-3) sid:

CVE-2017-16661 [MEDIUM] CVE-2017-16661: cacti - Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files ... Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd. Scope: local bookworm: resolved (fixed in 1.1.27+ds1-3) bullseye: resolved (fixed in 1.1.27+ds1-3) forky: r

CVE-2017-12927 [MEDIUM] CVE-2017-12927: cacti - A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parame... A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. Scope: local bookworm: resolved (fixed in 1.1.17+ds1-2) bullseye: resolved (fixed in 1.1.17+ds1-2) forky: resolved (fixed in 1.1.17+ds1-2) sid: resolved (fixed in 1.1.17+ds1-2) trixie: resolved (fixed in 1.1.17+ds1-2)

CVE-2017-16785 [MEDIUM] CVE-2017-16785: cacti - Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. Scope: local bookworm: resolved (fixed in 1.1.27+ds1-3) bullseye: resolved (fixed in 1.1.27+ds1-3) forky: resolved (fixed in 1.1.27+ds1-3) sid: resolved (fixed in 1.1.27+ds1-3) trixie: resolved (fixed in 1.1.27+ds1-3)

CVE-2017-1000032 [MEDIUM] CVE-2017-1000032: cacti - Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attacker... Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. Scope: local bookworm: resolved (fixed in 0.8.8b+dfsg-6) bullseye: resolved (fixed in 0.8.8b+dfsg-6) forky: resolved (fixed in 0.8.8b+dfsg-6) sid: resolved (

CVE-2017-15194 [MEDIUM] CVE-2017-15194: cacti - include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2)... include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. Scope: local bookworm: resolved (fixed in 1.1.25+ds1-1) bullseye: resolved (fixed in 1.1.25+ds1-1) forky: resolved (fixed in 1.1.25+ds1-1) sid: resolved (fixed in 1.1.25+ds1-1) trixie: resolved (fixed in 1.1.25+ds1-1)

CVE-2017-11163 [MEDIUM] CVE-2017-11163: cacti - Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12... Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. Scope: local bookworm: resolved (fixed in 1.1.12+ds1-1) bullseye: resolved (fixed in 1.1.12+ds1-1) forky: resolved (fixed in 1.1.12+d

CVE-2017-12978 [MEDIUM] CVE-2017-12978: cacti - lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external l... lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. Scope: local bookworm: resolved (fixed in 1.1.18+ds1-1) bullseye: resolved (fixed in 1.1.18+ds1-1) forky: resolved (fixed in 1.1.18+ds1-1) sid: resolved (fixed in 1.1.18+ds1-1) trixie: resolved (fixed in 1.1.18+ds1-1)

CVE-2017-11691 [MEDIUM] CVE-2017-11691: cacti - Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 all... Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. Scope: local bookworm: resolved (fixed in 1.1.15+ds1-1) bullseye: resolved (fixed in 1.1.15+ds1-1) forky: resolved (fixed in 1.1.15+ds1-1) sid: resolved (fixed in 1.1.15+ds1-1) trixie:

CVE-2017-12066 [MEDIUM] CVE-2017-12066: cacti - Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before... Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163

CVE-2017-10970 [MEDIUM] CVE-2017-10970: cacti - Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remo... Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. Scope: local bookworm: resolved (fixed in 1.1.12+ds1-1) bullseye: resolved (fixed in 1.1.12+ds1-1) forky: resolved (fixed in 1.1.12+ds1-1

CVE-2016-10700 [HIGH] CVE-2016-10700: cacti - auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use w... auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313. Scope: local bookworm: resolved (fixed in 0.8.8h+ds1-5) bull

CVE-2016-2313 [HIGH] CVE-2016-2313: cacti - auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use ... auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. Scope: local bookworm: resolved (fixed in 0.8.8g+ds1-1) bullseye: resolved (fixed in 0.8.8g+ds1-1) forky: resolved (fixed in 0.8.8g+ds1-1) sid: resolved (fixed in 0.8.8g+ds1-1) trixie

CVE-2016-3172 [HIGH] CVE-2016-3172: cacti - SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remot... SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. Scope: local bookworm: resolved (fixed in 0.8.8g+ds1-2) bullseye: resolved (fixed in 0.8.8g+ds1-2) forky: resolved (fixed in 0.8.8g+ds1-2) sid: resolved (fixed in 0.8.8g+ds1-2) trixie: