Change logs for cacti source package in Trusty

  • cacti (0.8.8b+dfsg-5ubuntu0.2) trusty-security; urgency=medium
    
      * Security update (backport patches from upstream)
        - CVE-2014-4000 - PHP Object Injection Vulnerabilities
        - CVE-2015-4634 - SQL injection vulnerability in graphs.php
        - CVE-2015-8369 - SQL injection vulnerability in
                          include/top_graph_header.php
        - CVE-2015-8377 - SQL injection vulnerability in host_new_graphs_save
        - CVE-2015-8604 - SQL injection vulnerability in host_new_graphs
        - CVE-2016-2313 - auth_login.php access restrictions could be bypassed
        - CVE-2016-3172 - SQL injection vulnerability in tree.php
        - CVE-2016-3659 - SQL injection vulnerability in graph_view.php
    
     -- Paul Gevers <email address hidden>  Sat, 11 Feb 2017 14:51:18 +0100
  • cacti (0.8.8b+dfsg-5ubuntu0.1) trusty-security; urgency=medium
    
      * Security update (LP: #1210822):
        - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
          before 0.8.8d allows remote attackers to inject arbitrary web script
          or HTML via unspecified vectors.
        - CVE-2015-4342 SQL Injection and Location header injection from cdef
          id
        - CVE-2015-4454 SQL injection vulnerability in the
          get_hash_graph_template function in lib/functions.php in Cacti before
          0.8.8d allows remote attackers to execute arbitrary SQL commands via
          the graph_template_id parameter to graph_templates.php.
        - Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
        - CVE-2014-5261 Insufficient input sanitization leads to shell command
          injection possibilities
        - CVE-2014-5262 Incomplete and incorrect input parsing leads to SQL
          injection attack scenarios
        - CVE-2014-5025 Cross Site Scripting Vulnerability
        - CVE-2014-5026 Cross Site Scripting Vulnerability
        - CVE-2014-5043 Cross Site Scripting Vulnerability
        - CVE-2014-2327 Cross Site Request Forgery Vulnerability
        - CVE-2014-4002 Cross-Site Scripting Vulnerability
    
     -- Paul Gevers <email address hidden>  Sat, 27 Jun 2015 14:25:12 +0200
  • cacti (0.8.8b+dfsg-5) unstable; urgency=high
    
    
      * Fix postinst for lighttpd setups which fail on update due to
        lighty-enable-mod exiting with non-zero if config is already loaded
        (Closes: 743727)
    
     -- Paul Gevers <email address hidden>  Sun, 06 Apr 2014 19:59:12 +0200
  • cacti (0.8.8b+dfsg-3) unstable; urgency=low
    
    
      * Fix Cross site scripting (upstream bug 2383)
        CVE-2013-5588
      * Fix SQL injection in host.php (upstream bug 2383)
        CVE-2013-5589
      * Fix upgrade script in cli directory for latest releases
      * Automatically upgrade database during package update (prevents upstream
        bug 2377)
      * The code to enable lighttpd configuration from LP: #1132415 was broken
    
     -- Paul Gevers <email address hidden>  Tue, 27 Aug 2013 20:43:21 +0200