Cacti remote code and SQL injection vulnerability
Secunia has published a bulletin regarding vulnerabilities in the popular open-source network management web application, Cacti (versions <= 0.8.6i which is the current version). The vulnerabilities include SQL injection and possible remote code execution. There is public proof-of-concept code available. If you run Cacti, you are urged to read the work-arounds in the bulletin until a patch/new version is released.
References:
Secunia bullentin: http://secunia.com/advisories/23528/
CVE: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6799
Cacti home: http://www.cacti.net
Jim Clausing, jclausing %% at %% isc dot sans dot org
References:
Secunia bullentin: http://secunia.com/advisories/23528/
CVE: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6799
Cacti home: http://www.cacti.net
Jim Clausing, jclausing %% at %% isc dot sans dot org
Keywords:
0 comment(s)
My next class:
LINUX Incident Response and Threat Hunting | Online | Japan Standard Time | Oct 21st - Oct 26th 2024 |
×
Diary Archives
Comments