Total
51 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-19281 | 1 Centreon | 1 Centreon | 2019-07-30 | 7.5 HIGH | 9.8 CRITICAL |
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. | |||||
CVE-2018-19280 | 1 Centreon | 1 Centreon | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. | |||||
CVE-2018-19271 | 1 Centreon | 1 Centreon | 2019-07-30 | 6.5 MEDIUM | 8.8 HIGH |
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. | |||||
CVE-2019-13024 | 1 Centreon | 1 Centreon | 2019-07-26 | 9.0 HIGH | 8.8 HIGH |
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands). | |||||
CVE-2007-6485 | 1 Centreon | 1 Centreon | 2018-10-15 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/. | |||||
CVE-2008-1178 | 1 Centreon | 1 Centreon | 2018-10-11 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119. | |||||
CVE-2018-11587 | 1 Centreon | 2 Centreon, Centreon Web | 2018-08-30 | 7.5 HIGH | 9.8 CRITICAL |
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. | |||||
CVE-2018-11588 | 1 Centreon | 2 Centreon, Centreon Web | 2018-08-28 | 3.5 LOW | 5.4 MEDIUM |
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php. | |||||
CVE-2018-11589 | 1 Centreon | 2 Centreon, Centreon Web | 2018-08-28 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. | |||||
CVE-2008-1119 | 1 Centreon | 1 Centreon | 2017-09-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. | |||||
CVE-2008-1179 | 1 Centreon | 1 Centreon | 2017-08-07 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained from third party information. |