Vendor CVEs
Centreon
All CVEs
117 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-16406 | | | 0.00 | — | 0.00 | | Nov 21, 2019 | Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron. |
| CVE-2019-17501 | | | 0.00 | — | 0.02 | | Oct 14, 2019 | Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-2019-16405 are similar to one another and may be the same. |
| CVE-2019-17105 | | | 0.00 | — | 0.02 | | Oct 8, 2019 | The token generator in index.php in Centreon Web before 2.8.27 is predictable. |
| CVE-2018-21024 | | | 0.00 | — | 0.02 | | Oct 8, 2019 | licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. |
| CVE-2019-17108 | | | 0.00 | — | 0.01 | | Oct 8, 2019 | Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. |
| CVE-2019-17107 | | | 0.00 | — | 0.04 | | Oct 8, 2019 | minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect. |
| CVE-2018-21023 | | | 0.00 | — | 0.03 | | Oct 8, 2019 | getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. |
| CVE-2018-21022 | | | 0.00 | — | 0.02 | | Oct 8, 2019 | makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. |
| CVE-2018-21021 | | | 0.00 | — | 0.02 | | Oct 8, 2019 | img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. |
| CVE-2018-11589 | | Cri | 0.00 | 9.8 | 0.02 | | Jun 25, 2018 | Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in… |
| CVE-2018-11588 | | Med | 0.00 | 5.4 | 0.01 | | Jun 25, 2018 | Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArgu… |
| CVE-2015-1561 | | | 0.00 | — | 0.09 | | Jul 14, 2015 | The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands… |
| CVE-2015-1560 | | | 0.00 | — | 0.07 | | Jul 14, 2015 | SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to… |
| CVE-2012-5967 | | | 0.00 | — | 0.03 | | Dec 19, 2012 | SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. |
| CVE-2011-4432 | | | 0.00 | — | 0.01 | | Nov 10, 2011 | www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach. |
| CVE-2009-4368 | | | 0.00 | — | 0.03 | | Dec 21, 2009 | Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication. |
| CVE-2008-1179 | | | 0.00 | — | 0.02 | | Mar 6, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained… |