Filtered by vendor Centreon
Subscriptions
Total
82 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-17104 | 1 Centreon | 1 Centreon Vm | 2024-08-05 | 7.5 High |
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | ||||
CVE-2019-17107 | 1 Centreon | 1 Centreon Web | 2024-08-05 | 8.8 High |
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect. | ||||
CVE-2019-17106 | 1 Centreon | 1 Centreon Web | 2024-08-05 | 6.5 Medium |
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | ||||
CVE-2019-17105 | 1 Centreon | 1 Centreon Web | 2024-08-05 | 5.3 Medium |
The token generator in index.php in Centreon Web before 2.8.27 is predictable. | ||||
CVE-2019-16405 | 1 Centreon | 1 Centreon Web | 2024-08-05 | 7.2 High |
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same. | ||||
CVE-2019-16406 | 1 Centreon | 1 Centreon Web | 2024-08-05 | 7.8 High |
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron. | ||||
CVE-2019-16194 | 1 Centreon | 1 Centreon | 2024-08-05 | 9.8 Critical |
SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | ||||
CVE-2019-16195 | 1 Centreon | 1 Centreon | 2024-08-05 | 6.1 Medium |
Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. | ||||
CVE-2019-15300 | 1 Centreon | 1 Centreon Web | 2024-08-05 | 8.8 High |
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query. | ||||
CVE-2019-15298 | 1 Centreon | 1 Centreon Web | 2024-08-05 | 8.8 High |
A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly. | ||||
CVE-2019-15299 | 1 Centreon | 1 Centreon Web | 2024-08-05 | 8.8 High |
An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication. | ||||
CVE-2019-13024 | 1 Centreon | 1 Centreon | 2024-08-04 | N/A |
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands). | ||||
CVE-2020-22425 | 1 Centreon | 1 Centreon | 2024-08-04 | 8.8 High |
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. | ||||
CVE-2020-22345 | 1 Centreon | 1 Centreon | 2024-08-04 | 8.8 High |
/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter. | ||||
CVE-2020-13627 | 1 Centreon | 3 Centreon Host-monitoring Widget, Centreon Service-monitoring Widget, Centreon Tactical-overview Widget | 2024-08-04 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | ||||
CVE-2020-13628 | 1 Centreon | 3 Centreon Host-monitoring Widget, Centreon Service-monitoring Widget, Centreon Tactical-overview Widget | 2024-08-04 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | ||||
CVE-2020-13252 | 1 Centreon | 1 Centreon | 2024-08-04 | 8.8 High |
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page. | ||||
CVE-2020-10945 | 1 Centreon | 2 Centreon, Widget-host-monitoring | 2024-08-04 | 4.3 Medium |
Centreon before 19.10.7 exposes Session IDs in server responses. | ||||
CVE-2020-10946 | 1 Centreon | 3 Centreon Host-monitoring Widget, Centreon Service-monitoring Widget, Centreon Tactical-overview Widget | 2024-08-04 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. | ||||
CVE-2020-9463 | 1 Centreon | 1 Centreon | 2024-08-04 | 8.8 High |
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request. |