The remote host is missing an update to cacti announced via advisory DSA 1569-2.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201569-2

The original update for cacti unfortunately introduced a regression. Updated packages have been created to address this. For reference, the full advisory text is quoted below. It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible. For the stable distribution (etch), this problem has been fixed in version 0.8.6i-3.4. For the unstable distribution (sid), this problem has been fixed in version 0.8.7b-1. We recommend that you upgrade your cacti package.