CVSS: 6.5EPSS: 0%CPEs: 45EXPL: 2CVE-2011-4431 – Centreon 2.3.1 - 'command_name' Remote Command Execution
https://notcve.org/view.php?id=CVE-2011-4431
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter. Vulnerabilidad de salto de directorio en main.php en Merethis Centreon antes de v2.3.2 permite a usuarios autenticados remotamente ejecutar comandos de su elección a través de .. (punto punto) en el parámetro command_name • https://www.exploit-db.com/exploits/36293 http://securityreason.com/securityalert/8530 https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2009-4368
https://notcve.org/view.php?id=CVE-2009-4368
Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication. Múltiples vulnerabilidades no especificadas en Centreon versiones anteriores a v2.1.4 tienen un impacto y vectores de ataque desconocidos en (1) herramienta ping, (2) herramienta tool, y (3) importación ldap, posiblemente relacionado con una autenticación no apropiada. • http://osvdb.org/61183 http://secunia.com/advisories/37808 http://www.centreon.com/Development/changelog-2x.html http://www.securityfocus.com/bid/37383 http://www.vupen.com/english/advisories/2009/3578 https://exchange.xforce.ibmcloud.com/vulnerabilities/54893 •