Cacti 0.8.7a Multiple Vulnerabilities - Seclists Advisory

2008

12 February 2008

Event

N/A

What

Cacti

cacti vulnerability xss sql-injection path-disclosure http-response-splitting seclists

On February 12, 2008, Francesco “ascii” Ongaro was credited as co-author of a technical advisory published on Seclists.org, written in collaboration with Antonio “s4tan” Parata. The advisory, which covered multiple serious vulnerabilities (XSS, SQL Injection, Path Disclosure, HTTP Response Splitting) in version 0.8.7a of the Cacti network monitoring software, was distributed through the historic Bugtraq mailing list. Ongaro signed the technical analysis and the demonstration code, contributing to the responsible disclosure of the problem and to the subsequent vendor response, in which the vendor released corrective patches and official updates. The work was published under an explicit license that prohibits modification, with a direct reference to the USH.it site.

Archived PDF document