Filtered by vendor Centreon
Subscriptions
Total
90 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16406 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 7.8 High |
| Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron. | ||||
| CVE-2019-16405 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 7.2 High |
| Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same. | ||||
| CVE-2019-16195 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.1 Medium |
| Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. | ||||
| CVE-2019-16194 | 1 Centreon | 1 Centreon | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | ||||
| CVE-2019-15300 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query. | ||||
| CVE-2019-15299 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication. | ||||
| CVE-2019-15298 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly. | ||||
| CVE-2019-13024 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A |
| Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands). | ||||
| CVE-2018-21025 | 1 Centreon | 1 Centreon Vm | 2024-11-21 | 9.8 Critical |
| In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files. | ||||
| CVE-2018-21024 | 1 Centreon | 1 Centreon | 2024-11-21 | 9.8 Critical |
| licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | ||||
| CVE-2018-21023 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | ||||
| CVE-2018-21022 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | ||||
| CVE-2018-21021 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | ||||
| CVE-2018-21020 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 7.5 High |
| In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | ||||
| CVE-2018-19312 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A |
| Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. | ||||
| CVE-2018-19311 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A |
| Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. | ||||
| CVE-2018-19281 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A |
| Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. | ||||
| CVE-2018-19280 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A |
| Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. | ||||
| CVE-2018-19271 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A |
| Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. | ||||
| CVE-2018-11589 | 1 Centreon | 2 Centreon, Centreon Web | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. | ||||