
Test ID: 1.3.6.1.4.1.25623.1.0.103319
Category: Web application abuses
Title: Cacti Unspecified SQL Injection and Cross Site Scripting Vulnerabilities
Summary: Cacti is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Description:
Summary:
Cacti is prone to an SQL-injection vulnerability and a cross-site scripting
vulnerability because it fails to sufficiently sanitize user-supplied data.

Vulnerability Impact:
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the
application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Affected Software/OS:
Cacti 0.8.7g is vulnerable. Other versions may also be affected.

Solution:
The vendor has released fixes. Please see the references for details.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-4824
BugTraq ID: 50671
http://www.securityfocus.com/bid/50671
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069126.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069141.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069137.html
http://secunia.com/advisories/44133
http://secunia.com/advisories/46876
XForce ISS Database: cacti-unspecified-sql-injection(71326)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71326
Common Vulnerability Exposure (CVE) ID: CVE-2014-2326
BugTraq ID: 66390
http://www.securityfocus.com/bid/66390
Bugtraq: 20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti
http://www.securityfocus.com/archive/1/531588
Debian Security Information: DSA-2970
http://www.debian.org/security/2014/dsa-2970
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html
https://security.gentoo.org/glsa/201509-03
http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-A-20140324-001.html
http://secunia.com/advisories/57647
http://secunia.com/advisories/59203
SuSE Security Announcement: openSUSE-SU-2015:0479
http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
Copyright: Copyright (C) 2011 Greenbone Networks GmbH





© 1998-2025 E-Soft Inc. All rights reserved.