This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
04104985-d846-11de-84e4-00215af774f0 | cacti -- cross-site scripting issues The cacti development team reports: Discovery 2009-11-21 Entry 2009-11-23 Modified 2010-05-02 cacti < 0.8.7e4 CVE-2009-4032 http://docs.cacti.net/#cross-site_scripting_fixes |
0bfda05f-2e6f-11e5-a4a5-002590263bf5 | cacti -- Multiple XSS and SQL injection vulnerabilities The Cacti Group, Inc. reports: Discovery 2015-07-12 Entry 2015-07-20 cacti < 0.8.8e CVE-2015-4634 ports/201702 http://www.cacti.net/release_notes_0_8_8e.php http://seclists.org/oss-sec/2015/q3/150 |
1cf00643-ed8a-11d9-8310-0001020eed82 | cacti -- multiple vulnerabilities Stefan Esser reports: Discovery 2005-06-22 Entry 2005-07-05 cacti < 0.8.6f http://marc.theaimsgroup.com/?l=bugtraq&m=111954136315248 http://www.hardened-php.net/advisory-032005.php http://www.hardened-php.net/advisory-042005.php http://www.hardened-php.net/advisory-052005.php |
41da2ba4-a24e-11db-bd24-000f3dcc6a5d | cacti -- Multiple vulnerabilities Secunia reports: Discovery 2006-12-28 Entry 2007-01-12 cacti < 0.8.6i.4 http://secunia.com/advisories/23528/ http://forums.cacti.net/about18846-0-asc-0.html |
5198ef84-4fdc-11df-83fb-0015587e2cc1 | cacti -- SQL injection and command execution vulnerabilities Bonsai information security reports: The same source also reported a command execution vulnerability. This second issue can be exploited by Cacti users who have the rights to modify device or graph configurations. Discovery 2010-04-21 Entry 2010-04-24 Modified 2013-06-16 cacti le 0.8.7e4 CVE-2010-1431 ports/146021 http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-sql-injection-0104.php http://www.debian.org/security/2010/dsa-2039 |
6167b341-250c-11e6-a6fb-003048f2e514 | cacti -- multiple vulnerabilities The Cacti Group, Inc. reports: Discovery 2016-04-04 Entry 2016-05-28 cacti < 0.8.8h CVE-2016-3659 http://www.cacti.net/release_notes_0_8_8h.php http://bugs.cacti.net/view.php?id=2673 http://seclists.org/fulldisclosure/2016/Apr/4 http://packetstormsecurity.com/files/136547/Cacti-0.8.8g-SQL-Injection.html |
79c1154d-d5a5-11da-8098-00123ffe8333 | cacti -- ADOdb "server.php" Insecure Test Script Security Issue Secunia reports: Discovery 2006-01-09 Entry 2006-04-27 cacti < 0.8.6h http://secunia.com/advisories/18276/ http://secunia.com/advisories/17418/ |
86224a04-26de-11ea-97f2-001a8c5c04b6 | cacti -- multiple vulnerabilities The cacti developers report: Discovery 2019-10-12 Entry 2020-01-06 cacti < 1.2.8 https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8 CVE-2019-17357 CVE-2019-17358 ports/242834 |
96948a6a-e239-11d9-83cf-0010dc5df42d | cacti -- potential SQL injection and cross site scripting attacks iDEFENSE security group disclosed potential SQL injection attacks from unchecked user input and two security holes regarding potential cross site scripting attacks Discovery 2005-06-21 Entry 2005-06-21 cacti le 0.8.6d http://www.cacti.net/release_notes_0_8_6e.php |
a0e74731-181b-11e5-a1cf-002590263bf5 | cacti -- multiple security vulnerabilities The Cacti Group, Inc. reports: Discovery 2014-11-23 Entry 2015-06-21 cacti < 0.8.8c CVE-2013-5588 CVE-2013-5589 CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 CVE-2014-4002 CVE-2014-5025 CVE-2014-5026 ports/198586 http://sourceforge.net/p/cacti/mailman/message/33072838/ http://www.cacti.net/release_notes_0_8_8c.php |
a3929112-181b-11e5-a1cf-002590263bf5 | cacti -- Multiple XSS and SQL injection vulnerabilities The Cacti Group, Inc. reports: Discovery 2015-06-09 Entry 2015-06-21 cacti < 0.8.8d CVE-2015-4342 ports/200963 http://www.cacti.net/release_notes_0_8_8d.php http://seclists.org/fulldisclosure/2015/Jun/19 |
b3b8d491-0fbb-11e3-8c50-1c6f65c11ee6 | cacti -- allow remote attackers to execute arbitrary SQL commands Cacti release reports: Discovery 2013-08-06 Entry 2013-08-29 cacti < 0.8.8b CVE-2013-1434 CVE-2013-1435 http://www.cacti.net/release_notes_0_8_8b.php |
bb961ff3-b3a4-11e5-8255-5453ed2e2b49 | cacti -- SQL injection vulnerabilities NVD reports: Discovery 2015-12-05 Entry 2016-01-05 cacti le 0.8.8f_1 CVE-2015-8369 http://bugs.cacti.net/view.php?id=2646 http://svn.cacti.net/viewvc?view=rev&revision=7767 http://seclists.org/fulldisclosure/2015/Dec/8 |
ca543e06-207a-11d9-814e-0001020eed82 | cacti -- SQL injection Fernando Quintero reports that Cacti 0.8.5a suffers from a SQL injection attack where an attacker can change the password for any Cacti user. This attack is not possible if the PHP option magic_quotes_gpc is set to On, which is the default for PHP in FreeBSD. Discovery 2004-08-16 Entry 2004-10-17 cacti < 0.8.6 http://marc.theaimsgroup.com/?l=full-disclosure&m=109269427427368 |
cd2dc126-cfe4-11ea-9172-4c72b94353b5 | Cacti -- multiple vulnerabilities Cacti developers report: Discovery 2020-07-15 Entry 2020-07-27 cacti < 1.2.13 https://www.cacti.net/release_notes.php?version=1.2.13 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13625 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295 CVE-2020-11022 CVE-2020-11023 CVE-2020-13625 CVE-2020-14295 |
cd864f1a-8e5a-11ea-b5b4-641c67a117d8 | cacti -- XSS exposure Cacti developer reports: Discovery 2020-04-16 Entry 2020-05-04 cacti < 1.2.12 https://sourceforge.net/p/cacti/mailman/message/37000502/ https://github.com/Cacti/cacti/blob/release/1.2.12/CHANGELOG CVE-2020-7106 ports/246164 |
db3301be-e01c-11e5-b2bd-002590263bf5 | cacti -- multiple vulnerabilities The Cacti Group, Inc. reports: Discovery 2016-02-21 Entry 2016-03-02 cacti < 0.8.8g CVE-2015-8377 CVE-2015-8604 CVE-2016-2313 http://www.cacti.net/release_notes_0_8_8g.php http://bugs.cacti.net/view.php?id=2652 http://bugs.cacti.net/view.php?id=2655 http://bugs.cacti.net/view.php?id=2656 http://www.openwall.com/lists/oss-security/2016/02/09/3 |
db570002-ce06-11e7-804e-c85b763a2f96 | cacti -- multiple vulnerabilities cacti reports: Discovery 2017-11-01 Entry 2017-11-20 cacti < 1.1.28 CVE-2017-16641 CVE-2017-16660 CVE-2017-16661 CVE-2017-16785 https://sourceforge.net/p/cacti/mailman/message/36122745/ |
dc3c66e8-6a18-11e7-93af-005056925db4 | Cacti -- Cross-site scripting (XSS) vulnerability in link.php kimiizhang reports: Discovery 2017-07-05 Entry 2017-07-17 cacti ge 1.0.0 lt 1.1.13 https://github.com/Cacti/cacti/issues/838 https://www.cacti.net/release_notes.php?version=1.1.13 CVE-2017-10970 |
dea7df85-d96c-11dc-9bfc-000e0c092e7a | cacti -- Multiple security vulnerabilities have been discovered The cacti development team reports: Discovery 2008-02-12 Entry 2008-02-12 cacti < 0.8.7b http://forums.cacti.net/about25749.html |
e02e6a4e-6b26-11df-96b2-0015587e2cc1 | cacti -- multiple vulnerabilities Multiple vulnerabilities have been reported to exist in older versions of Cacti. The release notes of Cacti 0.8.7f summarize the problems as follows: Discovery 2010-05-24 Entry 2010-06-24 cacti < 0.8.7f http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html http://www.cacti.net/release_notes_0_8_7f.php http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php http://www.vupen.com/english/advisories/2010/1204 |
e1cb9dc9-daa9-44db-adde-e94d900e2f7f | cacti -- Cross Site Scripting issue cacti developers report: Discovery 2017-10-10 Entry 2017-10-19 cacti < 1.1.26 http://www.securitytracker.com/id/1039569 https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd https://github.com/Cacti/cacti/issues/1010 CVE-2017-15194 |
e2b564fc-7462-11ea-af63-38d547003487 | cacti -- multiple vulnerabilities The Cacti developers report: Discovery 2020-02-04 Entry 2020-04-02 cacti < 1.2.10 https://github.com/Cacti/cacti/releases/tag/release%2F1.2.10 https://nvd.nist.gov/vuln/detail/CVE-2020-8813 https://nvd.nist.gov/vuln/detail/CVE-2020-7106 https://nvd.nist.gov/vuln/detail/CVE-2020-7237 CVE-2020-8813 CVE-2020-7106 CVE-2020-7237 ports/245198 |
e4cd0b38-c9f9-11eb-87e1-08002750c711 | cacti -- SQL Injection was possible due to incorrect validation order Cacti team reports: Discovery 2020-12-24 Entry 2021-06-10 Modified 2021-06-24 cacti ge 1.2 lt 1.2.17 CVE-2020-35701 https://github.com/Cacti/cacti/issues/4022 |
ed18aa92-e4f4-11e9-b6fa-3085a9a95629 | cacti -- Authenticated users may bypass authorization checks The cacti developers report: Discovery 2019-09-23 Entry 2019-10-02 cacti < 1.2.7 CVE-2019-16723 https://github.com/Cacti/cacti/releases/tag/release%2F1.2.7 |
f08e2c15-ffc9-11e0-b0f3-bcaec565249c | cacti -- Multiple vulnerabilities Cacti Group reports: Discovery 2011-09-26 Entry 2011-10-26 cacti < 0.8.7h http://www.cacti.net/release_notes_0_8_7h.php |
f86d0e5d-7467-11e7-93af-005056925db4 | Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php kimiizhang reports: Discovery 2017-07-20 Entry 2017-07-29 cacti eq 1.1.13 https://github.com/Cacti/cacti/issues/867 https://www.cacti.net/release_notes.php?version=1.1.14 CVE-2017-11691 |