VYPR

Centreon

by Centreon

CVEs (117)

  • CVE-2019-16406 | Nov 21, 2019
    risk 0.00 | cvss - | epss 0.00

    Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.

  • CVE-2019-17501 | Oct 14, 2019
    risk 0.00 | cvss - | epss 0.02

    Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-2019-16405 are similar to one another and may be the same.

  • CVE-2019-17105 | Oct 8, 2019
    risk 0.00 | cvss - | epss 0.02

    The token generator in index.php in Centreon Web before 2.8.27 is predictable.

  • CVE-2018-21024 | Oct 8, 2019
    risk 0.00 | cvss - | epss 0.02

    licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.

  • CVE-2019-17108 | Oct 8, 2019
    risk 0.00 | cvss - | epss 0.01

    Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.

  • CVE-2019-17107 | Oct 8, 2019
    risk 0.00 | cvss - | epss 0.04

    minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.

  • CVE-2018-21023 | Oct 8, 2019
    risk 0.00 | cvss - | epss 0.03

    getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.

  • CVE-2018-21022 | Oct 8, 2019
    risk 0.00 | cvss - | epss 0.02

    makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.

  • CVE-2018-21021 | Oct 8, 2019
    risk 0.00 | cvss - | epss 0.02

    img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.

  • CVE-2018-11589 | Critical | Jun 25, 2018
    risk 0.00 | cvss 9.8 | epss 0.02

    Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in…

  • CVE-2018-11588 | Medium | Jun 25, 2018
    risk 0.00 | cvss 5.4 | epss 0.01

    Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArgu…

  • CVE-2015-1561 | Jul 14, 2015
    risk 0.00 | cvss - | epss 0.09

    The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands…

  • CVE-2015-1560 | Jul 14, 2015
    risk 0.00 | cvss - | epss 0.07

    SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to…

  • CVE-2012-5967 | Dec 19, 2012
    risk 0.00 | cvss - | epss 0.03

    SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.

  • CVE-2011-4432 | Nov 10, 2011
    risk 0.00 | cvss - | epss 0.01

    www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.

  • CVE-2009-4368 | Dec 21, 2009
    risk 0.00 | cvss - | epss 0.03

    Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication.

  • CVE-2008-1179 | Mar 6, 2008
    risk 0.00 | cvss - | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained…
