CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 5CVE-2010-1301 – Centreon IT & Network Monitoring 2.1.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-1301
SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter. Vulnerabilidad de inyección SQL en main.php en Centreon v2.1.5, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "host_id". • https://www.exploit-db.com/exploits/11979 http://osvdb.org/63347 http://packetstormsecurity.org/1004-exploits/centreon-sql.txt http://secunia.com/advisories/39236 http://www.exploit-db.com/exploits/11979 http://www.securityfocus.com/bid/39118 https://exchange.xforce.ibmcloud.com/vulnerabilities/57464 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2009-4368
https://notcve.org/view.php?id=CVE-2009-4368
Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication. Múltiples vulnerabilidades no especificadas en Centreon versiones anteriores a v2.1.4 tienen un impacto y vectores de ataque desconocidos en (1) herramienta ping, (2) herramienta tool, y (3) importación ldap, posiblemente relacionado con una autenticación no apropiada. • http://osvdb.org/61183 http://secunia.com/advisories/37808 http://www.centreon.com/Development/changelog-2x.html http://www.securityfocus.com/bid/37383 http://www.vupen.com/english/advisories/2009/3578 https://exchange.xforce.ibmcloud.com/vulnerabilities/54893 •