Secunia has published a bulletin regarding vulnerabilities in the popular open-source network management web application, Cacti (versions <= 0.8.6i which is the current version).  The vulnerabilities include SQL injection and possible remote code execution.  There is public proof-of-concept code available.  If you run Cacti, you are urged to read the work-arounds in the bulletin until a patch/new version is released.

References:
Secunia bullentin: http://secunia.com/advisories/23528/
CVE: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6799
Cacti home: http://www.cacti.net

---

Jim Clausing,  jclausing %% at %% isc dot sans dot org