6月14日上海 OSC 源创会开始报名,送机械键盘和开源无码内裤
Cacti 0.8.8d 发布,此版本包括一个重要的安全修复:
多个 XSS 和 SQL 注入漏洞
下载:
cacti-0.8.8d.tar.gz
cacti-0.8.8d.zip
更新日志
feature: Remove un-needed fonts and javascript files
bug: Fixed SQL injection VN: JVN#78187936 / TN:JPCERT#98968540
bug#0002261: PHP 5.4.0 added new error_reporting variable, causing cacti to show errors
bug#0002391: Odd Behaviour on ReIndex of Data Query Data
bug#0002393: Broken thumbnail images for graph templates
bug#0002402: Subtree must not have the same header as the parent header
bug#0002474: CLI add_device.php dows not set availability_method correctly
bug#0002449: The Save button does not work: Invalid html on page Console -> Cacti Settings: empty form tag
bug#0002428: Fail to delete all data input items when removing more than 1000 data sources
bug#0002439: Password with special character don't work with LDAP authentication
bug#0002461: invalid bn with ldap and anonymous bind
bug#0002465: Graph Export return empty CSV file
bug#0002484: Incorrect SQL request in cli script repair_database.php
bug#0002485: Broken pagenation on graph viewing
bug#0002489: SNMP - Get Mounted Partitions using Re-index method of Index Count Changed causes recache event every time
bug#0002490: Can not select page for multiple datasources per device
bug#0002494: CSV export always shows last day
bug#0002504: Data template search not functional
bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification
bug#0002543: Unable to switch pages within graphs_new.php due to invalid URL generation
bug#0002544: Duplicate entry in $nav_url during list view
bug#0002571: SQL Injection and Location header injection from cdef id CVE-2015-4342
bug#0002572: SQL injection in graph templates
更多内容请看 发行说明 。
Cacti在英文中的意思是仙人掌的意思,Cacti是一套基于PHP,MySQL,SNMP及RRDTool开发的网络流量监测图形分析工具。它通过 snmpget来获取数据,使用 RRDtool绘画图形,而且你完全可以不需要了解RRDtool复杂的参数。它提供了非常强大的数据和用户管理功能,可以指定每一个用户能查看树状结 构、host以及任何一张图,还可以与LDAP结合进行用户验证,同时也能自己增加模板,功能非常强大完善。
下图是cacti运行的主界面