Search for packages
| purl | pkg:alpm/archlinux/cacti@1.1.17-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-q88b-smmh-77ga
Aliases: CVE-2017-16660 |
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. |
Affected by 0 other vulnerabilities. |
|
VCID-qbvv-frc2-rqbk
Aliases: CVE-2017-16641 |
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. |
Affected by 0 other vulnerabilities. |
|
VCID-x1fg-6mq4-d7ds
Aliases: CVE-2017-16661 |
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd. |
Affected by 0 other vulnerabilities. |
|
VCID-yjny-ubdp-7few
Aliases: CVE-2017-16785 |
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:26:09.468852+00:00 | Arch Linux Importer | Affected by | VCID-qbvv-frc2-rqbk | https://security.archlinux.org/AVG-537 | 38.0.0 |
| 2026-04-01T18:26:09.442884+00:00 | Arch Linux Importer | Affected by | VCID-q88b-smmh-77ga | https://security.archlinux.org/AVG-537 | 38.0.0 |
| 2026-04-01T18:26:09.418790+00:00 | Arch Linux Importer | Affected by | VCID-x1fg-6mq4-d7ds | https://security.archlinux.org/AVG-537 | 38.0.0 |
| 2026-04-01T18:26:09.393930+00:00 | Arch Linux Importer | Affected by | VCID-yjny-ubdp-7few | https://security.archlinux.org/AVG-537 | 38.0.0 |