Date: Sun, 19 Jul 2015 23:44:11 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 201702] net-mgmt/cacti: Multiple XSS and SQL injection vulnerabilities (CVE-2015-4634) Message-ID: <bug-201702-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201702 Bug ID: 201702 Summary: net-mgmt/cacti: Multiple XSS and SQL injection vulnerabilities (CVE-2015-4634) Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: jason.unovitch@gmail.com CC: freebsd-ports@dan.me.uk Flags: maintainer-feedback?(freebsd-ports@dan.me.uk) CC: freebsd-ports@dan.me.uk Maintainer of net-mgmt/cacti, Cacti 0.8.8e was released featuring multiple security fixes. Release Notes - 0.8.8e Important Security Fixes Multiple XSS and SQL injection vulnerabilities CVE-2015-4634 - SQL injection in graphs.php Changelog bug: Fixed issue with graph zooming failing to work bug: Fixed various SQL Injection vectors bug#0002569: Impossible to have a URL pointing directly to a graph bug#0002574: SQL Injection Vulnerabilities in graph items and graph template items bug#0002577: CVE-2015-4634 - SQL injection in graphs.php bug#0002579: SQL Injection Vulnerabilities in data sources bug#0002580: SQL Injection in cdef.php bug#0002582: SQL Injection in data_templates.php bug#0002583: SQL Injection in graph_templates.php bug#0002584: SQL Injection in host_templates.php bug#0002586: Cannot delete data sources from the GUI bug#0002592: graph_view.php - viewing host in new tab - Undefined index: nodeid bug#0002594: status_fail_date and status_rec_date are set incorrectly after host is marked down bug#0002597: Incorrect value in Hosts column on Host Templates page bug#0002598: Incorrect row number in Devices -> (Edit) page -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-201702-13>