
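--- a/vuln.xml
+++ b/vuln.xml
@@ -57,6 +57,92 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="a3929112-181b-11e5-a1cf-002590263bf5">
+    <topic>cacti -- Multiple XSS and SQL injection vulerabilities</topic>
+    <affects>
+      <package>
+	<name>cacti</name>
+	<range><lt>0.8.8d</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Cacti Group, Inc. reports:</p>
+	<blockquote cite="http://www.cacti.net/release_notes_0_8_8d.php">
+	  <p>Important Security Fixes</p>
+	  <ul>
+	    <li>Multiple XSS and SQL injection vulerabilities</li>
+	  </ul>
+	  <p>Changelog</p>
+	  <ul>
+	    <li>bug: Fixed SQL injection VN: JVN#78187936 /
+	       TN:JPCERT#98968540</li>
+	    <li>bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting
+	       Vulnerability Notification</li>
+	    <li>bug#0002571: SQL Injection and Location header injection from
+	       cdef id CVE-2015-4342</li>
+	    <li>bug#0002572: SQL injection in graph template</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-4342</cvename>
+      <freebsdpr>ports/200963</freebsdpr>
+      <url>http://www.cacti.net/release_notes_0_8_8d.php</url>
+      <mlist>http://seclists.org/fulldisclosure/2015/Jun/19</mlist>
+    </references>
+    <dates>
+      <discovery>2015-06-09</discovery>
+      <entry>2015-06-21</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a0e74731-181b-11e5-a1cf-002590263bf5">
+    <topic>cacti -- multiple security vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>cacti</name>
+	<range><lt>0.8.8c</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Cacti Group, Inc. reports:</p>
+	<blockquote cite="http://www.cacti.net/release_notes_0_8_8c.php">
+	  <p>Important Security Fixes</p>
+	  <ul>
+	    <li>CVE-2013-5588 - XSS issue via installer or device editing</li>
+	    <li>CVE-2013-5589 - SQL injection vulnerability in device editing</li>
+	    <li>CVE-2014-2326 - XSS issue via CDEF editing</li>
+	    <li>CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability</li>
+	    <li>CVE-2014-2328 - Remote Command Execution Vulnerability in graph export</li>
+	    <li>CVE-2014-4002 - XSS issues in multiple files</li>
+	    <li>CVE-2014-5025 - XSS issue via data source editing</li>
+	    <li>CVE-2014-5026 - XSS issues in multiple files</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-5588</cvename>
+      <cvename>CVE-2013-5589</cvename>
+      <cvename>CVE-2014-2326</cvename>
+      <cvename>CVE-2014-2327</cvename>
+      <cvename>CVE-2014-2328</cvename>
+      <cvename>CVE-2014-4002</cvename>
+      <cvename>CVE-2014-5025</cvename>
+      <cvename>CVE-2014-5026</cvename>
+      <freebsdpr>ports/198586</freebsdpr>
+      <mlist>http://sourceforge.net/p/cacti/mailman/message/33072838/</mlist>
+      <url>http://www.cacti.net/release_notes_0_8_8c.php</url>
+    </references>
+    <dates>
+      <discovery>2014-11-23</discovery>
+      <entry>2015-06-21</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="968d1e74-1740-11e5-a643-40a8f0757fb4">
     <topic>p5-Dancer -- possible to abuse session cookie values</topic>
     <affects>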
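Review bot: The `<topic>` of the first new entry (vid a3929112-181b-11e5-a1cf-002590263bf5) misspells "vulnerabilities", and since the topic is the line readers search and scan it should read `<topic>cacti -- multiple XSS and SQL injection vulnerabilities</topic>`, lower-cased to match the second entry's topic. The same misspelling in the `<li>` inside the blockquote should stay only if it is verbatim from the cited release notes. That entry's `<references>` carries only CVE-2015-4342, while the quoted changelog also names JVN#78187936 and FG-VD-15-017 and lists a separate graph-template SQL injection (bug#0002572); adding the advisory URLs or CVE names for those, where they exist, would let readers and audit tooling match all four fixes rather than one. The two entries also order `<url>` and `<mlist>` differently inside `<references>`, which is worth making uniform.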
