Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centreon vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-15300
A problem was found in Centreon Web up to and including 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.
Centreon Centreon Web
7.5
CVSSv3
CVE-2019-17104
In Centreon VM up to and including 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
Centreon Centreon Vm
5.3
CVSSv3
CVE-2019-17105
The token generator in index.php in Centreon Web prior to 2.8.27 is predictable.
Centreon Centreon Web
6.5
CVSSv3
CVE-2019-17106
In Centreon Web up to and including 2.8.29, disclosure of external components' passwords allows authenticated malicious users to move laterally to external components.
Centreon Centreon Web
9.8
CVSSv3
CVE-2018-19281
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.
Centreon Centreon 3.4
5.4
CVSSv3
CVE-2015-7672
Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27).
Centreon Centreon 2.6.1
8.8
CVSSv3
CVE-2020-22345
/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote malicious users to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter.
Centreon Centreon 19.10.8
8.8
CVSSv3
CVE-2019-17107
minPlayCommand.php in Centreon Web prior to 2.8.27 allows authenticated malicious users to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
Centreon Centreon Web
9.8
CVSSv3
CVE-2018-21025
In Centreon VM up to and including 19.04.3, centreon-backup.pl allows malicious users to become root via a crafted script, due to incorrect rights of sourced configuration files.
Centreon Centreon Vm
7.8
CVSSv3
CVE-2019-16406
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing malicious users to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.
Centreon Centreon Web 19.04.4
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »