It was discovered that there were SQL injection vulnerabilities in cacti, a web interface for graphing of monitoring systems.
For Debian 6 Squeeze, this issue has been fixed in cacti version 0.8.7g-1+squeeze9+deb6u11.