Publishing details

• Published on 2016-12-16
• Copied from ubuntu trusty in Private PPA for Ubuntu Security Team

Changelog

cacti (0.8.8b+dfsg-5ubuntu0.1) trusty-security; urgency=medium

  * Security update (LP: #1210822):
    - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
      before 0.8.8d allows remote attackers to inject arbitrary web script
      or HTML via unspecified vectors.
    - CVE-2015-4342 SQL Injection and Location header injection from cdef
      id
    - CVE-2015-4454 SQL injection vulnerability in the
      get_hash_graph_template function in lib/functions.php in Cacti before
      0.8.8d allows remote attackers to execute arbitrary SQL commands via
      the graph_template_id parameter to graph_templates.php.
    - Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
    - CVE-2014-5261 Unsufficient input sanitation leads to shell command
      injection possibilities
    - CVE-2014-5262 Incomplete and incorrect input parsing leads to SQL
      injection attack scenarios
    - CVE-2014-5025 Cross Site Scripting Vulnerability
    - CVE-2014-5026 Cross Site Scripting Vulnerability
    - CVE-2014-5043 Cross Site Scripting Vulnerability
    - CVE-2014-2327 Cross Site Request Forgery Vulnerability
    - CVE-2014-4002 Cross-Site Scripting Vulnerability

 -- Paul Gevers <email address hidden>  Sat, 27 Jun 2015 14:25:12 +0200

Builds

• i386

Package files

• cacti_0.8.8b+dfsg-5ubuntu0.1.debian.tar.gz (124.2 KiB)
• cacti_0.8.8b+dfsg-5ubuntu0.1.dsc (2.0 KiB)
• cacti_0.8.8b+dfsg.orig.tar.bz2 (2.0 MiB)