Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centreon vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2019-19699
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software up to and including 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed ...
Centreon Centreon
3 Github repositories
6.1
CVSSv3
CVE-2018-19280
Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro.
Centreon Centreon
8.8
CVSSv3
CVE-2018-19312
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
Centreon Centreon
8.8
CVSSv3
CVE-2019-19487
Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an malicious user to achieve command injection via a plugin test.
Centreon Centreon
9.8
CVSSv3
CVE-2018-21024
licenseUpload.php in Centreon Web prior to 2.8.27 allows malicious users to upload arbitrary files via a POST request.
Centreon Centreon
5.4
CVSSv3
CVE-2018-19311
Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
Centreon Centreon
NA
CVE-2007-6485
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote malicious users to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.
Centreon Centreon 1.4.1
1 EDB exploit
8.8
CVSSv3
CVE-2019-13024
Centreon 18.x prior to 18.10.6, 19.x prior to 19.04.3, and Centreon web prior to 2.8.29 allows the malicious user to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command int...
Centreon Centreon 19.04.0
1 EDB exploit
4 Github repositories
6.5
CVSSv3
CVE-2019-17106
In Centreon Web up to and including 2.8.29, disclosure of external components' passwords allows authenticated malicious users to move laterally to external components.
Centreon Centreon Web
6.1
CVSSv3
CVE-2019-17108
Local file inclusion in brokerPerformance.php in Centreon Web prior to 2.8.28 allows malicious users to disclose information or perform a stored XSS attack on a user.
Centreon Centreon Web
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »