Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, so they are inaccessible and the insecure deserializations are not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a…
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability that allows an authenticated user to poison data stored in Cacti's database. This data will be viewed by administrative Cacti accounts, and JavaScript code will execute in the victim's browser at view-time. The script under `data_debug.php` displays data source related debugging information such as _data source paths, polling settings, meta-data on the…