Web application abuses : Cacti Multiple Input Validation Security Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100599

Categoría: Web application abuses

Título: Cacti Multiple Input Validation Security Vulnerabilities

Resumen: Cacti is prone to multiple input-validation vulnerabilities because it fails; to adequately sanitize user-supplied input. These vulnerabilities include SQL-injection and command-injection issues.

Descripción: Summary:
Cacti is prone to multiple input-validation vulnerabilities because it fails
to adequately sanitize user-supplied input. These vulnerabilities include SQL-injection and command-injection issues.

Vulnerability Impact:
Exploiting these issues can allow an attacker to compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

Affected Software/OS:
Cacti 0.8.7e is vulnerable. Other versions may also be affected.

Solution:
Updates are available to address the SQL-injection issue. Please see the
references for more information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1431
20100421 Bonsai Information Security - SQL Injection in Cacti <= 0.8.7e
http://seclists.org/fulldisclosure/2010/Apr/272
39568
http://secunia.com/advisories/39568
39572
http://secunia.com/advisories/39572
39653
http://www.securityfocus.com/bid/39653
41041
http://secunia.com/advisories/41041
ADV-2010-0986
http://www.vupen.com/english/advisories/2010/0986
ADV-2010-1107
http://www.vupen.com/english/advisories/2010/1107
ADV-2010-2132
http://www.vupen.com/english/advisories/2010/2132
DSA-2039
http://www.debian.org/security/2010/dsa-2039
MDVSA-2010:092
http://www.mandriva.com/security/advisories?name=MDVSA-2010:092
RHSA-2010:0635
https://rhn.redhat.com/errata/RHSA-2010-0635.html
SUSE-SR:2010:011
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909
http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf

Copyright Copyright (C) 2010 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100599
Categoría:	Web application abuses
Título:	Cacti Multiple Input Validation Security Vulnerabilities
Resumen:	Cacti is prone to multiple input-validation vulnerabilities because it fails; to adequately sanitize user-supplied input. These vulnerabilities include SQL-injection and command-injection issues.
Descripción:	Summary: Cacti is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include SQL-injection and command-injection issues. Vulnerability Impact: Exploiting these issues can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Affected Software/OS: Cacti 0.8.7e is vulnerable. Other versions may also be affected. Solution: Updates are available to address the SQL-injection issue. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1431 20100421 Bonsai Information Security - SQL Injection in Cacti <= 0.8.7e http://seclists.org/fulldisclosure/2010/Apr/272 39568 http://secunia.com/advisories/39568 39572 http://secunia.com/advisories/39572 39653 http://www.securityfocus.com/bid/39653 41041 http://secunia.com/advisories/41041 ADV-2010-0986 http://www.vupen.com/english/advisories/2010/0986 ADV-2010-1107 http://www.vupen.com/english/advisories/2010/1107 ADV-2010-2132 http://www.vupen.com/english/advisories/2010/2132 DSA-2039 http://www.debian.org/security/2010/dsa-2039 MDVSA-2010:092 http://www.mandriva.com/security/advisories?name=MDVSA-2010:092 RHSA-2010:0635 https://rhn.redhat.com/errata/RHSA-2010-0635.html SUSE-SR:2010:011 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909 http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf
Copyright	Copyright (C) 2010 Greenbone Networks GmbH