CVSS: 6.5EPSS: 0%CPEs: 45EXPL: 2CVE-2011-4431 – Centreon 2.3.1 - 'command_name' Remote Command Execution
https://notcve.org/view.php?id=CVE-2011-4431
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter. Vulnerabilidad de salto de directorio en main.php en Merethis Centreon antes de v2.3.2 permite a usuarios autenticados remotamente ejecutar comandos de su elección a través de .. (punto punto) en el parámetro command_name • https://www.exploit-db.com/exploits/36293 http://securityreason.com/securityalert/8530 https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 5CVE-2010-1301 – Centreon IT & Network Monitoring 2.1.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-1301
SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter. Vulnerabilidad de inyección SQL en main.php en Centreon v2.1.5, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "host_id". • https://www.exploit-db.com/exploits/11979 http://osvdb.org/63347 http://packetstormsecurity.org/1004-exploits/centreon-sql.txt http://secunia.com/advisories/39236 http://www.exploit-db.com/exploits/11979 http://www.securityfocus.com/bid/39118 https://exchange.xforce.ibmcloud.com/vulnerabilities/57464 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2009-4368
https://notcve.org/view.php?id=CVE-2009-4368
Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication. Múltiples vulnerabilidades no especificadas en Centreon versiones anteriores a v2.1.4 tienen un impacto y vectores de ataque desconocidos en (1) herramienta ping, (2) herramienta tool, y (3) importación ldap, posiblemente relacionado con una autenticación no apropiada. • http://osvdb.org/61183 http://secunia.com/advisories/37808 http://www.centreon.com/Development/changelog-2x.html http://www.securityfocus.com/bid/37383 http://www.vupen.com/english/advisories/2009/3578 https://exchange.xforce.ibmcloud.com/vulnerabilities/54893 •
CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 1CVE-2008-1178 – Centreon 1.4.2.3 - 'index.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-1178
Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119. Vulnerabilidad de salto de directorio de include/doc/index.php en Centreon 1.4.2.3 y anteriores, que permite a atacantes remotos leer archivos de su elección a través de la secuencia .. (punto punto) en la página. Vector diferente del CVE-2008-1119. • https://www.exploit-db.com/exploits/31318 http://secunia.com/advisories/29158 http://securityreason.com/securityalert/3715 http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html http://www.securityfocus.com/archive/1/488956/100/0/threaded http://www.securityfocus.com/bid/28052 https://exchange.xforce.ibmcloud.com/vulnerabilities/40950 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2008-1179
https://notcve.org/view.php?id=CVE-2008-1179
Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained from third party information. Múltiples Vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) de include/common/javascript/color_picker.php en Centreon 1.4.2.3, que permite a atacantes remotos inyectar secuencias de comandos web o html de su elección a través de los parámetros (1) name y (2) title. NOTA: Los detalles se han obtenido a través de información por parte de terceros. • http://secunia.com/advisories/29158 http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html http://www.securityfocus.com/bid/28043 https://exchange.xforce.ibmcloud.com/vulnerabilities/40924 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •