|
|
CVE Reference: CVE-2005-2149 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-2149 |
|
|
Description: config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks. |
|
|
CVE Status: Candidate |
|
|
References: ST 1014361 MLIST http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1 MISC http://www.hardened-php.net/advisory-052005.php DEBIAN http://www.debian.org/security/2005/dsa-764 CONFIRM http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch BUGTRAQ http://www.securityfocus.com/archive/1/404040 BID 14130 |
|
| Return to the previous page. |
