cacti is vulnerable to OS command injection. Multiple command injection flaws were discovered in Cacti. An authenticated user with certain administrative privileges could use these flaws to execute arbitrary commands on the Cacti server with the privileges of the web server user.
CPE | Name | Operator | Version |
---|---|---|---|
python-psycopg2 | eq | 2.0.6__1.el5ipa | |
python-psycopg2 | eq | 2.0.6__1.el5ipa |
secunia.com/advisories/41041
svn.cacti.net/viewvc?view=rev&revision=5778
svn.cacti.net/viewvc?view=rev&revision=5782
svn.cacti.net/viewvc?view=rev&revision=5784
www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php
www.cacti.net/release_notes_0_8_7f.php
www.mandriva.com/security/advisories?name=MDVSA-2010:160
www.redhat.com/security/updates/classification/#important
www.vupen.com/english/advisories/2010/2132
access.redhat.com/errata/RHSA-2010:0635
bugzilla.redhat.com/show_bug.cgi?id=609115
rhn.redhat.com/errata/RHSA-2010-0635.html