Index: vuln.xml =================================================================== --- vuln.xml (revision 390180) +++ vuln.xml (working copy) @@ -57,6 +57,92 @@ --> + + cacti -- Multiple XSS and SQL injection vulerabilities + + + cacti + 0.8.8d + + + + +

The Cacti Group, Inc. reports:

+
+

Important Security Fixes

+
    +
  • Multiple XSS and SQL injection vulerabilities
  • +
+

Changelog

+
    +
  • bug: Fixed SQL injection VN: JVN#78187936 / + TN:JPCERT#98968540
  • +
  • bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting + Vulnerability Notification
  • +
  • bug#0002571: SQL Injection and Location header injection from + cdef id CVE-2015-4342
  • +
  • bug#0002572: SQL injection in graph template
  • +
+
+ +
+ + CVE-2015-4342 + ports/200963 + http://www.cacti.net/release_notes_0_8_8d.php + http://seclists.org/fulldisclosure/2015/Jun/19 + + + 2015-06-09 + 2015-06-21 + +
+ + + cacti -- multiple security vulnerabilities + + + cacti + 0.8.8c + + + + +

The Cacti Group, Inc. reports:

+
+

Important Security Fixes

+
    +
  • CVE-2013-5588 - XSS issue via installer or device editing
  • +
  • CVE-2013-5589 - SQL injection vulnerability in device editing
  • +
  • CVE-2014-2326 - XSS issue via CDEF editing
  • +
  • CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
  • +
  • CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
  • +
  • CVE-2014-4002 - XSS issues in multiple files
  • +
  • CVE-2014-5025 - XSS issue via data source editing
  • +
  • CVE-2014-5026 - XSS issues in multiple files
  • +
+
+ +
+ + CVE-2013-5588 + CVE-2013-5589 + CVE-2014-2326 + CVE-2014-2327 + CVE-2014-2328 + CVE-2014-4002 + CVE-2014-5025 + CVE-2014-5026 + ports/198586 + http://sourceforge.net/p/cacti/mailman/message/33072838/ + http://www.cacti.net/release_notes_0_8_8c.php + + + 2014-11-23 + 2015-06-21 + +
+ p5-Dancer -- possible to abuse session cookie values