[ubuntu/trusty-security] cacti 0.8.8b+dfsg-5ubuntu0.1 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Wed Jul 1 07:14:57 UTC 2015
cacti (0.8.8b+dfsg-5ubuntu0.1) trusty-security; urgency=medium

  * Security update (LP: #1210822):
    - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
      before 0.8.8d allows remote attackers to inject arbitrary web script
      or HTML via unspecified vectors.
    - CVE-2015-4342 SQL Injection and Location header injection from cdef
      id
    - CVE-2015-4454 SQL injection vulnerability in the
      get_hash_graph_template function in lib/functions.php in Cacti before
      0.8.8d allows remote attackers to execute arbitrary SQL commands via
      the graph_template_id parameter to graph_templates.php.
    - Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
    - CVE-2014-5261 Insufficient input sanitation leads to shell command
      injection possibilities
    - CVE-2014-5262 Incomplete and incorrect input parsing leads to SQL
      injection attack scenarios
    - CVE-2014-5025 Cross Site Scripting Vulnerability
    - CVE-2014-5026 Cross Site Scripting Vulnerability
    - CVE-2014-5043 Cross Site Scripting Vulnerability
    - CVE-2014-2327 Cross Site Request Forgery Vulnerability
    - CVE-2014-4002 Cross-Site Scripting Vulnerability

Date: 2015-07-01 06:15:12.725698+00:00
Changed-By: Paul Gevers <paul at climbing.nl>
Signed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/cacti/0.8.8b+dfsg-5ubuntu0.1