Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centreon centreon vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2019-15299
An issue exists in Centreon Web up to and including 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication.
Centreon Centreon Web
578
VMScore
CVE-2019-15300
A problem was found in Centreon Web up to and including 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.
Centreon Centreon Web
578
VMScore
CVE-2019-15298
A problem was found in Centreon Web up to and including 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management featu...
Centreon Centreon Web
NA
CVE-2022-41142
This vulnerability allows remote malicious users to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from ...
Centreon Centreon 22.04.2
445
VMScore
CVE-2019-17104
In Centreon VM up to and including 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
Centreon Centreon Vm
445
VMScore
CVE-2019-17105
The token generator in index.php in Centreon Web prior to 2.8.27 is predictable.
Centreon Centreon Web
578
VMScore
CVE-2021-28053
An issue exists in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters.
Centreon Centreon 20.10.0
312
VMScore
CVE-2021-28054
An issue exists in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter.
Centreon Centreon 20.10.0
383
VMScore
CVE-2021-28055
An issue exists in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
Centreon Centreon 20.10.0
445
VMScore
CVE-2018-21020
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web prior to 2.8.27 allows malicious users to bypass authentication mechanisms in place.
Centreon Centreon Web
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »