Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centreon centreon web vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-15298
A problem was found in Centreon Web up to and including 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management featu...
Centreon Centreon Web
8.8
CVSSv3
CVE-2019-15299
An issue exists in Centreon Web up to and including 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication.
Centreon Centreon Web
7.2
CVSSv3
CVE-2019-16405
Centreon Web prior to 2.8.30, 18.10.x prior to 18.10.8, 19.04.x prior to 19.04.5 and 19.10.x prior to 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may b...
Centreon Centreon Web
7.5
CVSSv3
CVE-2018-21020
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web prior to 2.8.27 allows malicious users to bypass authentication mechanisms in place.
Centreon Centreon Web
8.8
CVSSv3
CVE-2018-21022
makeXML_ListServices.php in Centreon Web prior to 2.8.28 allows malicious users to perform SQL injections via the host_id parameter.
Centreon Centreon Web
8.8
CVSSv3
CVE-2018-21023
getStats.php in Centreon Web prior to 2.8.28 allows authenticated malicious users to execute arbitrary code via the ns_id parameter.
Centreon Centreon Web
7.8
CVSSv3
CVE-2019-16406
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing malicious users to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.
Centreon Centreon Web 19.04.4
1 Github repository
NA
CVE-2008-1179
Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details a...
Centreon Centreon
Centreon Centreon 1.4.2
Centreon Centreon 1.4.1
Centreon Centreon 1.4.2.2
Centreon Centreon 1.4.2.1
Centreon Centreon 1.4
9.8
CVSSv3
CVE-2018-21024
licenseUpload.php in Centreon Web prior to 2.8.27 allows malicious users to upload arbitrary files via a POST request.
Centreon Centreon
7.5
CVSSv3
CVE-2019-17104
In Centreon VM up to and including 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
Centreon Centreon Vm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »