cacti

• Author: kikadf
• Vulnerable: 0.8.8b-1
• Unaffected: 0.8.8b-2arcturus1

Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool.

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1435
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5588
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5589
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2327
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2327
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2328
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2708
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2709
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4002