FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cacti -- multiple vulnerabilities

Affected packages
		cacti	<	0.8.8h

Details

VuXML ID	6167b341-250c-11e6-a6fb-003048f2e514
Discovery	2016-04-04
Entry	2016-05-28

The Cacti Group, Inc. reports:

Changelog

bug:0002667: Cacti SQL Injection Vulnerability

bug:0002673: CVE-2016-3659 - Cacti graph_view.php SQL Injection Vulnerability

bug:0002656: Authentication using web authentication as a user not in the cacti database allows complete access (regression)

[source]

References

CVE Name	CVE-2016-3659
URL	http://bugs.cacti.net/view.php?id=2673
URL	http://packetstormsecurity.com/files/136547/Cacti-0.8.8g-SQL-Injection.html
URL	http://seclists.org/fulldisclosure/2016/Apr/4
URL	http://www.cacti.net/release_notes_0_8_8h.php