Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Centreon'
2021-08-18
CVE-2020-22345
CWE-78
/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter.
2021-08-03
CVE-2021-37556
CWE-89
A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters.
CVE-2021-37557
CWE-89
A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter.
CVE-2021-37558
CWE-89
A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters. The vulnerability can be exploited only when a valid Knowledge Base URL is configured on the Knowledge Base configuration page and points to a MediaWiki instance. This relates to the proxy feature in class/centreon-knowledge/ProceduresProxy.class.php and include/configuration/configKnowledge/proxy/proxy.php.
2021-05-26
CVE-2021-27676
CWE-79
Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_description (Dependency Description) and dep_name (Dependency Name) parameters are vulnerable to stored XSS. A user has to log in and go to the Configuration > Notifications > Hosts page.
2021-02-15
CVE-2020-22425
CWE-89
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.
2020-05-27
CVE-2020-10945
CWE-200
Centreon before 19.10.7 exposes Session IDs in server responses.
2020-05-21
CVE-2020-13252
CWE-78
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page.
2020-04-06
CVE-2019-19699
CWE-269
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration.
2020-03-20
CVE-2019-19487
CWE-78
Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test.
Copyright
2024
, cxsecurity.com
Back to Top
Podatności dla 'Centreon' 
Polish
English