The remote host is missing updates announced in advisory GLSA 200506-20.

All Cacti users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/cacti-0.8.6f' Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200506-20 http://bugs.gentoo.org/show_bug.cgi?id=96243 http://bugs.gentoo.org/show_bug.cgi?id=97475 http://www.cacti.net/release_notes_0_8_6e.php http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=false http://www.idefense.com/application/poi/display?id=266&type=vulnerabilities&flashstatus=false http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities&flashstatus=false http://www.cacti.net/release_notes_0_8_6f.php http://www.hardened-php.net/advisory-032005.php http://www.hardened-php.net/advisory-042005.php http://www.hardened-php.net/advisory-052005.php

Cacti is vulnerable to several SQL injection, authentication bypass and file inclusion vulnerabilities.