• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Raxnet Cacti Console Command Execution Vulnerability

Raxnet Cacti is a frontend for rrdtool, a round robin database for monitoring network activity. It stores information to create graphs and populate them with information from a MySQL database.

In the Cacti console, users can enter operating system commands into the Data Input field. No path checking is performed on the input, which may allow unauthorized access to the underlying operating system.

Reportedly, the attacker must have administrative access to Cacti to exploit this vulnerability.