Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centreon vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-1178
Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119.
Centreon Centreon 1.4.2.2
Centreon Centreon 1.4.2.1
Centreon Centreon 1.4.2
Centreon Centreon
Centreon Centreon 1.4.1
Centreon Centreon 1.4
1 EDB exploit
NA
CVE-2008-1179
Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details a...
Centreon Centreon
Centreon Centreon 1.4.2
Centreon Centreon 1.4.1
Centreon Centreon 1.4.2.2
Centreon Centreon 1.4.2.1
Centreon Centreon 1.4
NA
CVE-2008-1119
Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the img parameter.
Centreon Centreon
Centreon Centreon 1.4.2.2
Centreon Centreon 1.4.1
Centreon Centreon 1.4
Centreon Centreon 1.4.2.1
Centreon Centreon 1.4.2
1 EDB exploit
NA
CVE-2011-4431
Directory traversal vulnerability in main.php in Merethis Centreon prior to 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.
Merethis Centreon 1.4
Merethis Centreon 1.4.2.5
Merethis Centreon 1.4.2.6
Merethis Centreon 1.4.2.7
Merethis Centreon 2.0
Merethis Centreon 2.1.10
Merethis Centreon 2.1.11
Merethis Centreon 2.1.7
Merethis Centreon 2.1.8
Merethis Centreon 2.2
Merethis Centreon 2.3.0
Merethis Centreon 1.4.2.3
Merethis Centreon 1.4.2.4
Merethis Centreon 2.1.0
Merethis Centreon 2.1.1
Merethis Centreon 2.1.4
Merethis Centreon 2.1.5
Merethis Centreon 2.1.6
Merethis Centreon 1.4.1
Merethis Centreon 1.4.2
Merethis Centreon 2.0.1
Merethis Centreon 2.0.2
1 EDB exploit
NA
CVE-2011-4432
www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon prior to 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent malicious users to determine cleartext passwords via a rainbow-table approach.
Merethis Centreon 1.4.2.1
Merethis Centreon 1.4.2.2
Merethis Centreon 2.0
Merethis Centreon 2.1.2
Merethis Centreon 2.1.3
Merethis Centreon 2.2.1
Merethis Centreon 2.2.2
Merethis Centreon 1.4.1
Merethis Centreon 1.4.2
Merethis Centreon 2.0.1
Merethis Centreon 2.0.2
Merethis Centreon 2.1.12
Merethis Centreon 2.1.13
Merethis Centreon 2.1.9
Merethis Centreon 2.2
Merethis Centreon 2.3.0
Merethis Centreon
Merethis Centreon 1.4.2.3
Merethis Centreon 1.4.2.4
Merethis Centreon 1.4.2.5
Merethis Centreon 2.1.0
Merethis Centreon 2.1.1
NA
CVE-2009-4368
Multiple unspecified vulnerabilities in Centreon prior to 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication.
Merethis Centreon 2.1.2
Merethis Centreon 2.1.1
Merethis Centreon 2.0.1
Merethis Centreon
Merethis Centreon 2.0
Merethis Centreon 2.0.2
Merethis Centreon 1.4.2.6
Merethis Centreon 1.4.2.5
Merethis Centreon 1.4.2.7
Merethis Centreon 1.4
Merethis Centreon 2.1.0
Merethis Centreon 1.4.2.2
Merethis Centreon 1.4.2.1
Merethis Centreon 1.4.2.4
Merethis Centreon 1.4.2.3
Merethis Centreon 1.4.2
Merethis Centreon 1.4.1
6.5
CVSSv3
CVE-2021-26804
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote malicious users to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
Centreon Centreon Web 19.10.18
Centreon Centreon Web 20.04.8
Centreon Centreon Web 20.10.2
8.8
CVSSv3
CVE-2018-19271
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter.
Centreon Centreon 3.4.6
Centreon Centreon 3.4.1
6.1
CVSSv3
CVE-2020-13627
Cross-site scripting (XSS) vulnerability allows remote malicious users to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitorin...
Centreon Centreon Host-monitoring Widget
Centreon Centreon Tactical-overview Widget
Centreon Centreon Service-monitoring Widget
6.1
CVSSv3
CVE-2020-13628
Cross-site scripting (XSS) vulnerability allows remote malicious users to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring...
Centreon Centreon Host-monitoring Widget
Centreon Centreon Tactical-overview Widget
Centreon Centreon Service-monitoring Widget
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »