Centreon
Sign in to watchby Centreon
Source repositories
CVEs (44)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1561 | 0.00 | — | 0.05 | Jul 14, 2015 | The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. | ||
| CVE-2011-4432 | 0.00 | — | 0.00 | Nov 10, 2011 | www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach. | ||
| CVE-2009-4368 | 0.00 | — | 0.01 | Dec 21, 2009 | Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication. | ||
| CVE-2008-1179 | 0.00 | — | 0.00 | Mar 6, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained from third party information. |
Page 3 of 3