 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.130073 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2015-0306) |
| Resumen: | The remote host is missing an update for the 'cacti' package(s) announced via the MGASA-2015-0306 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'cacti' package(s) announced via the MGASA-2015-0306 advisory. Vulnerability Insight: Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (CVE-2015-2665). SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id (CVE-2015-4342). SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php (CVE-2015-4454). SQL injection vulnerability in Cacti before 0.8.8e in graphs.php (CVE-2015-4634). The cacti package has been updated to version 0.8.8e, which fixes this issue, as well as other SQL injection and XSS issues and other bugs Affected Software/OS: 'cacti' package(s) on Mageia 4, Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-2665 BugTraq ID: 75309 http://www.securityfocus.com/bid/75309 Debian Security Information: DSA-3295 (Google Search) http://www.debian.org/security/2015/dsa-3295 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183454.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183919.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183449.html http://www.fortiguard.com/advisory/FG-VD-15-017/ http://www.securitytracker.com/id/1032672 Common Vulnerability Exposure (CVE) ID: CVE-2015-4342 BugTraq ID: 75108 http://www.securityfocus.com/bid/75108 http://seclists.org/fulldisclosure/2015/Jun/19 http://packetstormsecurity.com/files/132224/Cacti-SQL-Injection-Header-Injection.html SuSE Security Announcement: openSUSE-SU-2015:1133 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00052.html Common Vulnerability Exposure (CVE) ID: CVE-2015-4454 BugTraq ID: 75270 http://www.securityfocus.com/bid/75270 Common Vulnerability Exposure (CVE) ID: CVE-2015-4634 Debian Security Information: DSA-3312 (Google Search) http://www.debian.org/security/2015/dsa-3312 http://www.securitytracker.com/id/1032989 SuSE Security Announcement: openSUSE-SU-2015:1285 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-07/msg00052.html |
| Copyright | Copyright (C) 2015 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |