Lucene search
K
MerethisCentreon

7 matches found

CVE
CVE
added 2014/10/23 1:0 a.m.60 views

CVE-2014-3828

Centreon 2.5.1 and Centreon Enterprise Server 2.2 contain SQL injection vulnerabilities (CVE-2014-3828) that are pre-auth and remotely exploitable. The issues arise in multiple PHP components where unsanitized input is used: index_id (views/graphs/common/makeXML_ListMetrics.php), sid (views/graph...

10CVSS8.5AI score0.72712EPSS
Web
CVE
CVE
added 2012/12/19 11:0 a.m.53 views

CVE-2012-5967

Centreon 2.3.3 through 2.3.9-4 contains a blind SQL injection in menuXML.php via the menu parameter. Exploitation requires an authenticated remote user and can lead to arbitrary SQL execution against the back-end DB. The issue is mitigated by upgrading to Centreon Web 2.6.0 or Centreon 2.4.0+ (pe...

6.5CVSS8AI score0.0331EPSS
CVE
CVE
added 2011/11/10 12:0 a.m.49 views

CVE-2011-4432

CVE-2011-4432 affects Merethis Centreon prior to 2.3.2. The vulnerability is that the password hashing routine does not use a salt, making it easier for context-dependent attackers to recover plaintext passwords via rainbow tables. The available sources confirm this specific insecure credential h...

5CVSS6.8AI score0.01302EPSS
CVE
CVE
added 2014/10/23 1:0 a.m.49 views

CVE-2014-3829

Centreon 2.5.1 and Centreon Enterprise Server 2.2 are vulnerable to unauthenticated command injection via displayServiceStatus.php, exploiting shell metacharacters in the session_id or template_id parameters (related to the command_line variable). The issue, CVE-2014-3829, is noted as fixed in Ce...

10CVSS7.7AI score0.80998EPSS
CVE
CVE
added 2011/11/10 12:0 a.m.45 views

CVE-2011-4431

Centreon before 2.3.2 is affected by a directory traversal vulnerability in main.php where the command_name parameter is not properly validated. This allows remote authenticated users to execute arbitrary commands via a .. (dot dot) path traversal sequence. The issue arises from insufficient inpu...

6.5CVSS7.3AI score0.06157EPSS
CVE
CVE
added 2009/12/21 4:0 p.m.40 views

CVE-2009-4368

Centreon before 2.1.4 has multiple vulnerabilities in the ping, traceroute, and LDAP import components, likely related to improper authentication. Affects Centreon installations running versions prior to 2.1.4. Remediation: upgrade to Centreon 2.1.4 or apply the vendor patch (VendorFix). No explo...

10CVSS6.8AI score0.02537EPSS
CVE
CVE
added 2010/04/07 6:0 p.m.37 views

CVE-2010-1301

Centreon 2.1.5 contains an SQL injection in main.php exploited via the host_id parameter. The OpenVAS entries confirm Centreon is prone to SQLi due to insufficient input sanitization, enabling remote attackers to execute arbitrary SQL commands and potentially compromise data. The affected compone...

7.5CVSS8.7AI score0.02627EPSS