During a bugtracking analysis I found several rxss vulnerabilities in different Cacti parameters spread all over the application.
Some are easily exploitable by GET, others by POST request. To me it looks like input validation is seriously broken. Feel free to contact me.
Search found 256 matches
- Fri Aug 12, 2011 9:38 am
- Forum: Help: General
- Topic: several xss vulnerabilities found
- Replies: 1
- Views: 449
- Tue Feb 15, 2011 6:30 am
- Forum: Help: General
- Topic: Help: HowTo define Spine Config Files
- Replies: 1
- Views: 651
Help: HowTo define Spine Config Files
Hi there, I want to install a second instance of spine. The problem is, I cannot configure spine in Cacti to use a special configuration file. I tried moving /etc/spine.conf and generating ../etc/spine.conf. Both failed. I tried to edit the util.h source code to force spine using another configura...
- Mon Feb 14, 2011 6:02 am
- Forum: Help: Linux/Unix Specific
- Topic: Cacti Cutting new graphs
- Replies: 7
- Views: 1315
Re: Cacti Cutting new graphs
I have another feeling on this, the cacti-guys enabled (after years of begging) 64 Bit - Counters in their basic interface templates (interface.xml change since 0.8.7.e nobody tell, update breaks database, big "thanks" to the guy who did that...) but they did not increase "max.value...
- Fri Feb 11, 2011 5:07 am
- Forum: Help: General
- Topic: Installed PIA 2.9 using File-Method but no PluginManagement
- Replies: 1
- Views: 363
Installed PIA 2.9 using File-Method but no PluginManagement
I installed PIA 2.9 using the documentation on http://docs.cacti.net/manual:087:1_installation.9_pia#installing_the_plugin_architecture_pia over a freshly installed cacti 0.8.7g. I used the copy files method. Patched the MySQL using qa.sql. But the pluginmanagement option did not appear in the cacti co...
- Wed Feb 09, 2011 4:13 am
- Forum: Help: General
- Topic: URGENT: 75% of Datasources/Graphs no longer graphed!
- Replies: 4
- Views: 835
Re: URGENT: 75% of Datasources/Graphs no longer graphed!
Developers and Moderators on holiday?
- Tue Feb 08, 2011 4:12 am
- Forum: Help: General
- Topic: URGENT: 75% of Datasources/Graphs no longer graphed!
- Replies: 4
- Views: 835
Re: URGENT: 75% of Datasources/Graphs no longer graphed!
Can somebody please verify that the Spine-Debug-Output for "Insert poller_output" is truncated by default after 1000 characters. ############################################################## DEVDBG: SQL:'INSERT INTO poller_output (local_data_id, rrd_name, time, output) VALUES (91294,'erro...
- Mon Feb 07, 2011 6:13 am
- Forum: Help: General
- Topic: URGENT: 75% of Datasources/Graphs no longer graphed!
- Replies: 4
- Views: 835
Re: URGENT: 75% of Datasources/Graphs no longer graphed!
I tried setting my host_snmp_query method from 1 to 3. select * from host_snmp_query where reindex_method = 1; UPDATE host_snmp_query SET reindex_method = 3 WHERE reindex_method = 1; then I tried to reindex one of the problematic devices: php -q poller_reindex_hosts.php --id=153 finally rebuild the ...
- Fri Feb 04, 2011 6:45 am
- Forum: Help: General
- Topic: re:WARNING: Result from SNMP not valid. Partial Result: U..
- Replies: 10
- Views: 45483
Re: re:WARNING: Result from SNMP not valid. Partial Result:
mysql> select * from host_snmp_query limit 5;
+---------+---------------+------------+--------------------+----------------+
| host_id | snmp_query_id | sort_field | title_format       | reindex_method |
+---------+---------------+------------+--------------------+----------------+
| 26 | 12 | ifDescr | |...
- Fri Feb 04, 2011 4:30 am
- Forum: Help: General
- Topic: re:WARNING: Result from SNMP not valid. Partial Result: U..
- Replies: 10
- Views: 45483
Re: re:WARNING: Result from SNMP not valid. Partial Result:
Anything new with that issue?
Why do you describe this feature as evil?
- Fri Feb 04, 2011 4:08 am
- Forum: Help: General
- Topic: URGENT: 75% of Datasources/Graphs no longer graphed!
- Replies: 4
- Views: 835
Re: URGENT: 75% of Datasources/Graphs no longer graphed!
I also tried repairing the templates using repair_templates.php. /usr/share/cacti/cli # php -q ./repair_templates.php --execute NOTE: Repairing All Duplicated Templates NOTE: Repairing Data Templates NOTE: No Damaged Data Templates Found NOTE: Repairing Graph Templates NOTE: No Damaged Graph Templat...
- Thu Feb 03, 2011 1:05 pm
- Forum: Help: General
- Topic: URGENT: 75% of Datasources/Graphs no longer graphed!
- Replies: 4
- Views: 835
URGENT: 75% of Datasources/Graphs no longer graphed!
Hello, I noticed that only a fraction of my graphs are getting data. Most of my interface statistics are empty. I checked and crosschecked the problem on the wire. I am sure it is not a network error. (I sniffed and read the dumps by myself.) A SNMP-Response takes 100ms - 200ms. Timeout is set to 3500, ...
- Thu Feb 03, 2011 9:52 am
- Forum: Help: General
- Topic: HELP "SPINE: Poller[0] Host[153] TH[1] DS[35421] WARNING"
- Replies: 1
- Views: 738
Re: HELP "SPINE: Poller[0] Host[153] TH[1] DS[35421] WARNING
I tried removing and re-adding some of the hosts, but still get the same errors.
- Wed Feb 02, 2011 12:35 pm
- Forum: Help: General
- Topic: HELP "SPINE: Poller[0] Host[153] TH[1] DS[35421] WARNING"
- Replies: 1
- Views: 738
HELP "SPINE: Poller[0] Host[153] TH[1] DS[35421] WARNING"
Hi there, I have ten thousands of log entries per polling interval which look like the ones listed below. I already tried increasing the timeout to up to 8 seconds. I also tried to reduce Max.OIDS from 100 to 25. Doing SNMP (snmpget or snmpwalk) on the command line works well. Parameters are identi...
- Wed Feb 02, 2011 11:32 am
- Forum: Help: General
- Topic: Poller scalability and priority
- Replies: 3
- Views: 614
Re: Poller scalability and priority
Hmm, I am some sort of security guy. I did 2 print articles on SNMP in Hakin9 and the Toolbox and programmed the snmp-accounting-platform for the t-com. (not the smallest company I guess ;.-) What is your problem with SNMP? Have you disabled SNMP on all of your systems? Why not just disabli...
- Wed Jan 26, 2011 6:55 am
- Forum: Plugin General
- Topic: Autom8 Feature Request
- Replies: 2
- Views: 661
Re: Autom8 Feature Request
BTW: Is it normal that it takes about 5 minutes per host to "apply autom8 rules"?