RSS   Vulnerabilities for 'Centreon'   RSS

2020-01-16
 
CVE-2019-20327

CWE-269
 

 
Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. (cwrapper_perl is a setuid executable allowing execution of Perl scripts with root privileges.)

 
2019-11-26
 
CVE-2019-16195

CWE-79
 

 
Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields.

 
2019-10-08
 
CVE-2018-21024

CWE-434
 

 
licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.

 
2019-09-25
 
CVE-2019-16194

CWE-89
 

 
SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php.

 
2019-07-01
 
CVE-2019-13024

CWE-77
 

 
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).

 
2018-11-16
 
CVE-2018-19312

CWE-89
 

 
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.

 
 
CVE-2018-19311

CWE-79
 

 
Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.

 
2018-11-14
 
CVE-2018-19281

CWE-89
 

 
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.

 
 
CVE-2018-19280

CWE-79
 

 
Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro.

 
 
CVE-2018-19271

CWE-89
 

 
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter.

 


Copyright 2020, cxsecurity.com

 

Back to Top