Search for packages
| purl | pkg:alpm/archlinux/cacti@1.1.28-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-q88b-smmh-77ga | Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. |
CVE-2017-16660
|
| VCID-qbvv-frc2-rqbk | lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. |
CVE-2017-16641
|
| VCID-x1fg-6mq4-d7ds | Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd. |
CVE-2017-16661
|
| VCID-yjny-ubdp-7few | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. |
CVE-2017-16785
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:26:09.472729+00:00 | Arch Linux Importer | Fixing | VCID-qbvv-frc2-rqbk | https://security.archlinux.org/AVG-537 | 38.0.0 |
| 2026-04-01T18:26:09.446713+00:00 | Arch Linux Importer | Fixing | VCID-q88b-smmh-77ga | https://security.archlinux.org/AVG-537 | 38.0.0 |
| 2026-04-01T18:26:09.422502+00:00 | Arch Linux Importer | Fixing | VCID-x1fg-6mq4-d7ds | https://security.archlinux.org/AVG-537 | 38.0.0 |
| 2026-04-01T18:26:09.398627+00:00 | Arch Linux Importer | Fixing | VCID-yjny-ubdp-7few | https://security.archlinux.org/AVG-537 | 38.0.0 |