CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21024
https://notcve.org/view.php?id=CVE-2018-21024
08 Oct 2019 — licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. El archivo licenseUpload.php en Centreon Web versiones anteriores a 2.8.27, permite a atacantes cargar archivos arbitrarios por medio de una petición POST. • http://www.openwall.com/lists/oss-security/2019/10/09/2 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16194
https://notcve.org/view.php?id=CVE-2019-16194
25 Sep 2019 — SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. Unas vulnerabilidades de inyección SQL en Centreon versiones hasta 19.04, permiten ataques por medio del parámetro svc_id en el archivo include/tracking/status/Services/xml/makeXMLForOneService.php. • https://github.com/centreon/centreon/pull/7862 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2015-1560 – Centreon 2.5.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-1560
08 Jul 2015 — SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php. Una vulnerabilidad de inyección SQL en la función isUserAdmin en el archivo include/common/common-Func.php en Centreon (anteriormente Merethis Centreon) versiones 2.5.4 y anteriores (corregido en Centreon web ve... • https://www.exploit-db.com/exploits/37528 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 2CVE-2015-1561 – Centreon 2.5.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-1561
08 Jul 2015 — The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. La función escape_command en el archivo include/Administration/corePerformance/getStats.php en Centreon (anteriormente Merethis Centreon) versión 2.5.4 y anteriores (corregido en Centre... • https://www.exploit-db.com/exploits/37528 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 45EXPL: 2CVE-2011-4431 – Centreon 2.3.1 - 'command_name' Remote Command Execution
https://notcve.org/view.php?id=CVE-2011-4431
10 Nov 2011 — Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter. Vulnerabilidad de salto de directorio en main.php en Merethis Centreon antes de v2.3.2 permite a usuarios autenticados remotamente ejecutar comandos de su elección a través de .. (punto punto) en el parámetro command_name • https://www.exploit-db.com/exploits/36293 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 1CVE-2011-4432
https://notcve.org/view.php?id=CVE-2011-4432
10 Nov 2011 — www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach. www/include/configuration/nconfigObject/contact/DB-Func.php en Merethis Centreon antes de v2.3.2 no emplea "salt" durante el calculo del hash de una contraseña, lo que hace más sencillo para atacantes dependientes del contexto determinar las ... • http://securityreason.com/securityalert/8530 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2009-4368
https://notcve.org/view.php?id=CVE-2009-4368
21 Dec 2009 — Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication. Múltiples vulnerabilidades no especificadas en Centreon versiones anteriores a v2.1.4 tienen un impacto y vectores de ataque desconocidos en (1) herramienta ping, (2) herramienta tool, y (3) importación ldap, posiblemente relacionado con una autenticación no apropiada. • http://osvdb.org/61183 •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 1CVE-2008-1178 – Centreon 1.4.2.3 - 'index.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-1178
06 Mar 2008 — Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119. Vulnerabilidad de salto de directorio de include/doc/index.php en Centreon 1.4.2.3 y anteriores, que permite a atacantes remotos leer archivos de su elección a través de la secuencia .. (punto punto) en la página. Vector diferente del CVE-2008-1119. • https://www.exploit-db.com/exploits/31318 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2008-1179
https://notcve.org/view.php?id=CVE-2008-1179
06 Mar 2008 — Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained from third party information. Múltiples Vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) de include/common/javascript/color_picker.php en Centreon 1.4.2.3, que permite a atacantes remotos inyectar secuencias de comand... • http://secunia.com/advisories/29158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2008-1119 – Centreon 1.4.2.3 - 'get_image.php' Remote File Disclosure
https://notcve.org/view.php?id=CVE-2008-1119
03 Mar 2008 — Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter. Una vulnerabilidad de salto de directorio en el archivo include/doc/get_image.php en Centreon versión 1.4.2.3 y anteriores, permite a atacantes remotos leer archivos arbitrarios por medio de un .. (punto punto) en el parámetro img. • https://www.exploit-db.com/exploits/5204 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •