Secunia has published a bulletin regarding vulnerabilities in the popular open-source network management web application, Cacti (versions <= 0.8.6i which is the current version). The vulnerabilities include SQL injection and possible remote code execution. There is public proof-of-concept code available. If you run Cacti, you are urged to read the work-arounds in the bulletin until a patch/new version is released.
Secunia bullentin: http://secunia.com/advisories/23528/
Cacti home: http://www.cacti.net
Jim Clausing, jclausing %% at %% isc dot sans dot org
I will be teaching next: Malware Reverse-Engineering Challenge - SANS New York City 2019
Dec 29th 2006
1 decade ago