* Security update
- CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
before 0.8.8d allows remote attackers to inject arbitrary web script
or HTML via unspecified vectors.
- CVE-2015-4342 SQL Injection and Location header injection from cdef
id
- CVE-2015-4454 SQL injection vulnerability in the
get_hash_graph_template function in lib/functions.php in Cacti before
0.8.8d allows remote attackers to execute arbitrary SQL commands via
the graph_template_id parameter to graph_templates.php.
- Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
-- Steve Beattie <email address hidden> Tue, 30 Jun 2015 11:47:36 -0700
This bug was fixed in the package cacti - 0.8.8b+ dfsg-8+ deb8u1build0. 15.04.1
--------------- dfsg-8+ deb8u1build0. 15.04.1) vivid-security; urgency=medium
cacti (0.8.8b+
* fake sync from Debian (LP: #1210822)
cacti (0.8.8b+ dfsg-8+ deb8u1) jessie-security; urgency=high
* Security update hash_graph_ template function in lib/functions.php in Cacti before .php.
- CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
before 0.8.8d allows remote attackers to inject arbitrary web script
or HTML via unspecified vectors.
- CVE-2015-4342 SQL Injection and Location header injection from cdef
id
- CVE-2015-4454 SQL injection vulnerability in the
get_
0.8.8d allows remote attackers to execute arbitrary SQL commands via
the graph_template_id parameter to graph_templates
- Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
-- Steve Beattie <email address hidden> Tue, 30 Jun 2015 11:47:36 -0700