Search criteria
21 vulnerabilities found for centreon by merethis
FKIE_CVE-2014-3829
Vulnerability from fkie_nvd - Published: 2014-10-23 01:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| merethis | centreon | 2.5.1 | |
| merethis | centreon_enterprise_server | 2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:merethis:centreon:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A46D768-D7E0-4457-AE94-84A921D99818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon_enterprise_server:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "37A320C7-F9DB-4F87-B5D7-25BBFBA7CAF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable."
},
{
"lang": "es",
"value": "El archivo displayServiceStatus.php en Centreon versi\u00f3n 2.5.1 y Centreon Enterprise Server versi\u00f3n 2.2 (corregido en Centreon web versi\u00f3n 2.5.3), permite a atacantes ejecutar comandos arbitrarios por medio de metacaracteres de shell en el par\u00e1metro (1) session_id o (2) template_id, relacionado con la variable command_line."
}
],
"id": "CVE-2014-3829",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-23T01:55:16.173",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"source": "cve@mitre.org",
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3828
Vulnerability from fkie_nvd - Published: 2014-10-23 01:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| merethis | centreon | 2.5.1 | |
| merethis | centreon_enterprise_server | 2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:merethis:centreon:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A46D768-D7E0-4457-AE94-84A921D99818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon_enterprise_server:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "37A320C7-F9DB-4F87-B5D7-25BBFBA7CAF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Centreon versi\u00f3n 2.5.1 y Centreon Enterprise Server versi\u00f3n 2.2 (corregido en Centreon web versi\u00f3n 2.5.3), permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio de (1) el par\u00e1metro index_id en el archivo views/graphs/common/makeXML_ListMetrics.php,(2) el par\u00e1metro sid en el archivo views/graphs/GetXmlTree.php, (3) el par\u00e1metro session_id en el archivo views/graphs/graphStatus/displayServiceStatus.php, (4) el par\u00e1metro mnftr_id en el archivo configuration/configObject/traps/GetXMLTrapsForVendor.php, o (5) el par\u00e1metro index en el archivo common/javascript/commandGetArgs/cmdGetExample.php en include/."
}
],
"id": "CVE-2014-3828",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-23T01:55:16.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/70648"
},
{
"source": "cve@mitre.org",
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/70648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5967
Vulnerability from fkie_nvd - Published: 2012-12-19 11:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:merethis:centreon:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2A0E58-BBF4-4B90-8459-2F5729292267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4846545B-525F-460F-9824-91E715FD5CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "661A5C9D-35E9-42AD-A7B2-D772BA961C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C376F11-CF76-4E41-9C63-208B33554BC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEBF54E-87B9-49A7-AB81-7587E194EB60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "538EC7A7-42FE-40DA-9168-697BE1DD6E4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AC431677-ED5B-49D2-A5AE-9DE118EFE39D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.3.9-4:*:*:*:*:*:*:*",
"matchCriteriaId": "C67AF8F9-2389-4023-9D57-E211B5126B90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en el archivo menuXML.php en Centreon versiones 2.3.3 hasta 2.3.9-4 (corregido en Centreon web versi\u00f3n 2.6.0), permite a usuarios autenticados remotos ejecutar comandos SQL arbitrarios por medio del par\u00e1metro menu."
}
],
"id": "CVE-2012-5967",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-19T11:55:56.797",
"references": [
{
"source": "cret@cert.org",
"url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856892"
},
{
"source": "cret@cert.org",
"url": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4432
Vulnerability from fkie_nvd - Published: 2011-11-10 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:merethis:centreon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45C2952F-A22C-465A-BA6F-A59938932557",
"versionEndIncluding": "2.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "61975AFA-B0B2-4B19-B208-146B2E71B737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C9B3720-9430-49F7-9E81-A8BB2528E934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B2A44136-88C1-4CE5-A579-BD7DB1413E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EA5A52-9234-4A8E-8E84-6D197CB9946F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5EA670B-897B-4369-AA19-C3052CCE91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E56A4852-61E8-4F43-B81F-4C8727082F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F38A5EB-A69E-4567-8DBF-8C438DE66D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E62C0AA6-EABE-4926-A4DA-CD471D88C068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A02C2E-AA16-4669-B77E-554B27478D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F3C43F-3277-4162-B025-7FCBF7A79FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "97BB2893-02DC-4C49-B9CA-E9DEF3211C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "9ADD46A2-80D7-49DD-A36D-BC5AAE01FAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "F41E4FC5-0031-41A9-820C-C63FF54E0B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "2DD77DAA-E499-4064-B717-42EA1950C028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "4BDC54B9-1955-4849-A6A1-F850931EED7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEC41A81-F8D2-44C7-B56E-C62918FFE0ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C2FA1001-D1A6-4226-A724-6FF13F040314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A6A75F22-4D95-4F5B-820F-C15767ADE928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "9DD571A7-C921-48A9-8974-F9D2F03F7CB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "47EE53E4-8F0F-4F54-A392-347D2A044B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9A1D39-6124-4E6A-81B1-24674BEF6588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A38C74D1-7D54-4460-B819-0E935D664FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "573D2183-3605-4589-86B9-2CAE570B968C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF59787-CC19-4C94-B0FA-CD358B286357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C23A7BA9-076B-4F2E-BF75-61E4717125A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "38843FE3-2FB0-4A2A-B912-E9A032938553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "643D44B4-8B03-4EA0-A7CD-28E232581F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DD7744-B87D-470F-9CC0-6054607340D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF20BFD5-B506-4307-9139-F03ABF40EB96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "08081603-AD02-489B-8997-A507B5C0258D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "35C125B6-B9CE-4CC2-BDDB-C4662A0E49A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7E71E0C7-4699-4211-B4E8-8365EE23F417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "36179BA7-13B4-4536-8F23-85D02987946A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD1A7E5-732F-4D81-893B-4314552F21D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D73CA4BF-87F8-4121-B4E0-C77389140A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "5144B2D2-63CE-43A6-8ED5-489C7C813CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "31F62BA5-CD84-4BF4-8FA4-090F5204078B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "E820AD82-824A-450C-9F43-CE687DD0C958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "717E8961-B598-41AB-9319-4E6EA0023FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C0301884-6130-48F3-9A78-75BCB810601E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3150EE-5077-468D-A808-4FD5EA6499CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9377F38-FF3B-43B9-AE24-6FEB84B0997F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFEF7D25-68E3-491E-9090-2D7D7F07983D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9EFCB141-6231-4A95-AF65-8E80AB3960AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach."
},
{
"lang": "es",
"value": "www/include/configuration/nconfigObject/contact/DB-Func.php en Merethis Centreon antes de v2.3.2 no emplea \"salt\" durante el calculo del hash de una contrase\u00f1a, lo que hace m\u00e1s sencillo para atacantes dependientes del contexto determinar las contrase\u00f1as en texto planto a trav\u00e9s de una aproximaci\u00f3n de tablas \"rainbow\"."
}
],
"id": "CVE-2011-4432",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-11-10T00:55:00.930",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8530"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4431
Vulnerability from fkie_nvd - Published: 2011-11-10 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:merethis:centreon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45C2952F-A22C-465A-BA6F-A59938932557",
"versionEndIncluding": "2.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "61975AFA-B0B2-4B19-B208-146B2E71B737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C9B3720-9430-49F7-9E81-A8BB2528E934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B2A44136-88C1-4CE5-A579-BD7DB1413E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EA5A52-9234-4A8E-8E84-6D197CB9946F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5EA670B-897B-4369-AA19-C3052CCE91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E56A4852-61E8-4F43-B81F-4C8727082F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F38A5EB-A69E-4567-8DBF-8C438DE66D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E62C0AA6-EABE-4926-A4DA-CD471D88C068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A02C2E-AA16-4669-B77E-554B27478D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F3C43F-3277-4162-B025-7FCBF7A79FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "97BB2893-02DC-4C49-B9CA-E9DEF3211C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "9ADD46A2-80D7-49DD-A36D-BC5AAE01FAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "F41E4FC5-0031-41A9-820C-C63FF54E0B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "2DD77DAA-E499-4064-B717-42EA1950C028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "4BDC54B9-1955-4849-A6A1-F850931EED7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEC41A81-F8D2-44C7-B56E-C62918FFE0ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C2FA1001-D1A6-4226-A724-6FF13F040314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A6A75F22-4D95-4F5B-820F-C15767ADE928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "9DD571A7-C921-48A9-8974-F9D2F03F7CB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "47EE53E4-8F0F-4F54-A392-347D2A044B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9A1D39-6124-4E6A-81B1-24674BEF6588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A38C74D1-7D54-4460-B819-0E935D664FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "573D2183-3605-4589-86B9-2CAE570B968C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF59787-CC19-4C94-B0FA-CD358B286357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C23A7BA9-076B-4F2E-BF75-61E4717125A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "38843FE3-2FB0-4A2A-B912-E9A032938553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "643D44B4-8B03-4EA0-A7CD-28E232581F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DD7744-B87D-470F-9CC0-6054607340D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF20BFD5-B506-4307-9139-F03ABF40EB96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "08081603-AD02-489B-8997-A507B5C0258D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "35C125B6-B9CE-4CC2-BDDB-C4662A0E49A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7E71E0C7-4699-4211-B4E8-8365EE23F417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "36179BA7-13B4-4536-8F23-85D02987946A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD1A7E5-732F-4D81-893B-4314552F21D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D73CA4BF-87F8-4121-B4E0-C77389140A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "5144B2D2-63CE-43A6-8ED5-489C7C813CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "31F62BA5-CD84-4BF4-8FA4-090F5204078B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "E820AD82-824A-450C-9F43-CE687DD0C958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "717E8961-B598-41AB-9319-4E6EA0023FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C0301884-6130-48F3-9A78-75BCB810601E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3150EE-5077-468D-A808-4FD5EA6499CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9377F38-FF3B-43B9-AE24-6FEB84B0997F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFEF7D25-68E3-491E-9090-2D7D7F07983D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9EFCB141-6231-4A95-AF65-8E80AB3960AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en main.php en Merethis Centreon antes de v2.3.2 permite a usuarios autenticados remotamente ejecutar comandos de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro command_name"
}
],
"id": "CVE-2011-4431",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-11-10T00:55:00.883",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8530"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-1301
Vulnerability from fkie_nvd - Published: 2010-04-07 18:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A3DD7744-B87D-470F-9CC0-6054607340D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en main.php en Centreon v2.1.5, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"host_id\"."
}
],
"id": "CVE-2010-1301",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-07T18:30:00.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/63347"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39236"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/11979"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/39118"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/63347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/11979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/39118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57464"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-4368
Vulnerability from fkie_nvd - Published: 2009-12-21 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| merethis | centreon | * | |
| merethis | centreon | 1.4 | |
| merethis | centreon | 1.4.1 | |
| merethis | centreon | 1.4.2 | |
| merethis | centreon | 1.4.2.1 | |
| merethis | centreon | 1.4.2.2 | |
| merethis | centreon | 1.4.2.3 | |
| merethis | centreon | 1.4.2.4 | |
| merethis | centreon | 1.4.2.5 | |
| merethis | centreon | 1.4.2.6 | |
| merethis | centreon | 1.4.2.7 | |
| merethis | centreon | 2.0 | |
| merethis | centreon | 2.0 | |
| merethis | centreon | 2.0 | |
| merethis | centreon | 2.0 | |
| merethis | centreon | 2.0 | |
| merethis | centreon | 2.0 | |
| merethis | centreon | 2.0 | |
| merethis | centreon | 2.0 | |
| merethis | centreon | 2.0 | |
| merethis | centreon | 2.0 | |
| merethis | centreon | 2.0.1 | |
| merethis | centreon | 2.0.2 | |
| merethis | centreon | 2.1.0 | |
| merethis | centreon | 2.1.1 | |
| merethis | centreon | 2.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:merethis:centreon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B67D522D-9190-4C98-A0A1-4EABD18D90CF",
"versionEndIncluding": "2.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "61975AFA-B0B2-4B19-B208-146B2E71B737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C9B3720-9430-49F7-9E81-A8BB2528E934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B2A44136-88C1-4CE5-A579-BD7DB1413E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EA5A52-9234-4A8E-8E84-6D197CB9946F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5EA670B-897B-4369-AA19-C3052CCE91E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E56A4852-61E8-4F43-B81F-4C8727082F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F38A5EB-A69E-4567-8DBF-8C438DE66D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E62C0AA6-EABE-4926-A4DA-CD471D88C068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A02C2E-AA16-4669-B77E-554B27478D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:1.4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F3C43F-3277-4162-B025-7FCBF7A79FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "97BB2893-02DC-4C49-B9CA-E9DEF3211C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "9ADD46A2-80D7-49DD-A36D-BC5AAE01FAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "F41E4FC5-0031-41A9-820C-C63FF54E0B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b5:*:*:*:*:*:*",
"matchCriteriaId": "2DD77DAA-E499-4064-B717-42EA1950C028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:b6:*:*:*:*:*:*",
"matchCriteriaId": "4BDC54B9-1955-4849-A6A1-F850931EED7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEC41A81-F8D2-44C7-B56E-C62918FFE0ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C2FA1001-D1A6-4226-A724-6FF13F040314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A6A75F22-4D95-4F5B-820F-C15767ADE928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "9DD571A7-C921-48A9-8974-F9D2F03F7CB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "47EE53E4-8F0F-4F54-A392-347D2A044B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9A1D39-6124-4E6A-81B1-24674BEF6588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A38C74D1-7D54-4460-B819-0E935D664FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "573D2183-3605-4589-86B9-2CAE570B968C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF59787-CC19-4C94-B0FA-CD358B286357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:merethis:centreon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C23A7BA9-076B-4F2E-BF75-61E4717125A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en Centreon versiones anteriores a v2.1.4 tienen un impacto y vectores de ataque desconocidos en (1) herramienta ping, (2) herramienta tool, y (3) importaci\u00f3n ldap, posiblemente relacionado con una autenticaci\u00f3n no apropiada."
}
],
"id": "CVE-2009-4368",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-21T16:30:00.610",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/61183"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37808"
},
{
"source": "cve@mitre.org",
"url": "http://www.centreon.com/Development/changelog-2x.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37383"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3578"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.centreon.com/Development/changelog-2x.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-3829 (GCVE-0-2014-3829)
Vulnerability from cvelistv5 – Published: 2014-10-23 01:00 – Updated: 2024-08-06 10:57
VLAI?
Summary
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-30T19:33:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html",
"refsource": "CONFIRM",
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"name": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde",
"refsource": "CONFIRM",
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3829",
"datePublished": "2014-10-23T01:00:00",
"dateReserved": "2014-05-22T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3828 (GCVE-0-2014-3828)
Vulnerability from cvelistv5 – Published: 2014-10-23 01:00 – Updated: 2024-08-06 10:57
VLAI?
Summary
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"name": "70648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-30T19:26:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"name": "70648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"name": "70648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70648"
},
{
"name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html",
"refsource": "CONFIRM",
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"name": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde",
"refsource": "CONFIRM",
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3828",
"datePublished": "2014-10-23T01:00:00",
"dateReserved": "2014-05-22T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5967 (GCVE-0-2012-5967)
Vulnerability from cvelistv5 – Published: 2012-12-19 11:00 – Updated: 2024-08-06 21:21
VLAI?
Summary
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Centreon | Centreon |
Affected:
2.3.3 through 2.3.9-4
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856892",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856892"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Centreon",
"vendor": "Centreon",
"versions": [
{
"status": "affected",
"version": "2.3.3 through 2.3.9-4"
}
]
},
{
"product": "Centreon web",
"vendor": "Centreon",
"versions": [
{
"status": "affected",
"version": "fixed in 2.6.0"
}
]
}
],
"datePublic": "2012-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-29T14:21:12",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856892",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856892"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-5967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Centreon",
"version": {
"version_data": [
{
"version_value": "2.3.3 through 2.3.9-4"
}
]
}
},
{
"product_name": "Centreon web",
"version": {
"version_data": [
{
"version_value": "fixed in 2.6.0"
}
]
}
}
]
},
"vendor_name": "Centreon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856892",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856892"
},
{
"name": "http://forge.centreon.com/projects/centreon/repository/revisions/13749",
"refsource": "MISC",
"url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749"
},
{
"name": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617",
"refsource": "CONFIRM",
"url": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-5967",
"datePublished": "2012-12-19T11:00:00",
"dateReserved": "2012-11-21T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4431 (GCVE-0-2011-4431)
Vulnerability from cvelistv5 – Published: 2011-11-10 00:00 – Updated: 2024-08-07 00:09
VLAI?
Summary
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"name": "8530",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"name": "8530",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"name": "8530",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4431",
"datePublished": "2011-11-10T00:00:00",
"dateReserved": "2011-11-09T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4432 (GCVE-0-2011-4432)
Vulnerability from cvelistv5 – Published: 2011-11-10 00:00 – Updated: 2024-08-07 00:09
VLAI?
Summary
www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"name": "8530",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"name": "8530",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"name": "8530",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4432",
"datePublished": "2011-11-10T00:00:00",
"dateReserved": "2011-11-09T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1301 (GCVE-0-2010-1301)
Vulnerability from cvelistv5 – Published: 2010-04-07 18:00 – Updated: 2024-08-07 01:21
VLAI?
Summary
SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "centreon-hostid-sql-injection(57464)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57464"
},
{
"name": "39118",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39118"
},
{
"name": "39236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39236"
},
{
"name": "11979",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/11979"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt"
},
{
"name": "63347",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "centreon-hostid-sql-injection(57464)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57464"
},
{
"name": "39118",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39118"
},
{
"name": "39236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39236"
},
{
"name": "11979",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/11979"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt"
},
{
"name": "63347",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63347"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "centreon-hostid-sql-injection(57464)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57464"
},
{
"name": "39118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39118"
},
{
"name": "39236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39236"
},
{
"name": "11979",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11979"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt"
},
{
"name": "63347",
"refsource": "OSVDB",
"url": "http://osvdb.org/63347"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1301",
"datePublished": "2010-04-07T18:00:00",
"dateReserved": "2010-04-07T00:00:00",
"dateUpdated": "2024-08-07T01:21:18.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4368 (GCVE-0-2009-4368)
Vulnerability from cvelistv5 – Published: 2009-12-21 16:00 – Updated: 2024-08-07 07:01
VLAI?
Summary
Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37383"
},
{
"name": "ADV-2009-3578",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3578"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.centreon.com/Development/changelog-2x.html"
},
{
"name": "61183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61183"
},
{
"name": "37808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37808"
},
{
"name": "centreon-ping-security-bypass(54893)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37383"
},
{
"name": "ADV-2009-3578",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3578"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.centreon.com/Development/changelog-2x.html"
},
{
"name": "61183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61183"
},
{
"name": "37808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37808"
},
{
"name": "centreon-ping-security-bypass(54893)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37383"
},
{
"name": "ADV-2009-3578",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3578"
},
{
"name": "http://www.centreon.com/Development/changelog-2x.html",
"refsource": "CONFIRM",
"url": "http://www.centreon.com/Development/changelog-2x.html"
},
{
"name": "61183",
"refsource": "OSVDB",
"url": "http://osvdb.org/61183"
},
{
"name": "37808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37808"
},
{
"name": "centreon-ping-security-bypass(54893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4368",
"datePublished": "2009-12-21T16:00:00",
"dateReserved": "2009-12-21T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3829 (GCVE-0-2014-3829)
Vulnerability from nvd – Published: 2014-10-23 01:00 – Updated: 2024-08-06 10:57
VLAI?
Summary
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-30T19:33:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html",
"refsource": "CONFIRM",
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"name": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde",
"refsource": "CONFIRM",
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3829",
"datePublished": "2014-10-23T01:00:00",
"dateReserved": "2014-05-22T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3828 (GCVE-0-2014-3828)
Vulnerability from nvd – Published: 2014-10-23 01:00 – Updated: 2024-08-06 10:57
VLAI?
Summary
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"name": "70648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-30T19:26:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"name": "70648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/298796"
},
{
"name": "70648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70648"
},
{
"name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html",
"refsource": "CONFIRM",
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
},
{
"name": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde",
"refsource": "CONFIRM",
"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3828",
"datePublished": "2014-10-23T01:00:00",
"dateReserved": "2014-05-22T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5967 (GCVE-0-2012-5967)
Vulnerability from nvd – Published: 2012-12-19 11:00 – Updated: 2024-08-06 21:21
VLAI?
Summary
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Centreon | Centreon |
Affected:
2.3.3 through 2.3.9-4
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856892",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856892"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Centreon",
"vendor": "Centreon",
"versions": [
{
"status": "affected",
"version": "2.3.3 through 2.3.9-4"
}
]
},
{
"product": "Centreon web",
"vendor": "Centreon",
"versions": [
{
"status": "affected",
"version": "fixed in 2.6.0"
}
]
}
],
"datePublic": "2012-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-29T14:21:12",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856892",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856892"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-5967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Centreon",
"version": {
"version_data": [
{
"version_value": "2.3.3 through 2.3.9-4"
}
]
}
},
{
"product_name": "Centreon web",
"version": {
"version_data": [
{
"version_value": "fixed in 2.6.0"
}
]
}
}
]
},
"vendor_name": "Centreon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856892",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856892"
},
{
"name": "http://forge.centreon.com/projects/centreon/repository/revisions/13749",
"refsource": "MISC",
"url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749"
},
{
"name": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617",
"refsource": "CONFIRM",
"url": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-5967",
"datePublished": "2012-12-19T11:00:00",
"dateReserved": "2012-11-21T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4431 (GCVE-0-2011-4431)
Vulnerability from nvd – Published: 2011-11-10 00:00 – Updated: 2024-08-07 00:09
VLAI?
Summary
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"name": "8530",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"name": "8530",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"name": "8530",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4431",
"datePublished": "2011-11-10T00:00:00",
"dateReserved": "2011-11-09T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4432 (GCVE-0-2011-4432)
Vulnerability from nvd – Published: 2011-11-10 00:00 – Updated: 2024-08-07 00:09
VLAI?
Summary
www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"name": "8530",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"name": "8530",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
},
{
"name": "8530",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4432",
"datePublished": "2011-11-10T00:00:00",
"dateReserved": "2011-11-09T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1301 (GCVE-0-2010-1301)
Vulnerability from nvd – Published: 2010-04-07 18:00 – Updated: 2024-08-07 01:21
VLAI?
Summary
SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "centreon-hostid-sql-injection(57464)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57464"
},
{
"name": "39118",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39118"
},
{
"name": "39236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39236"
},
{
"name": "11979",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/11979"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt"
},
{
"name": "63347",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "centreon-hostid-sql-injection(57464)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57464"
},
{
"name": "39118",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39118"
},
{
"name": "39236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39236"
},
{
"name": "11979",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/11979"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt"
},
{
"name": "63347",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63347"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "centreon-hostid-sql-injection(57464)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57464"
},
{
"name": "39118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39118"
},
{
"name": "39236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39236"
},
{
"name": "11979",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11979"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt"
},
{
"name": "63347",
"refsource": "OSVDB",
"url": "http://osvdb.org/63347"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1301",
"datePublished": "2010-04-07T18:00:00",
"dateReserved": "2010-04-07T00:00:00",
"dateUpdated": "2024-08-07T01:21:18.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4368 (GCVE-0-2009-4368)
Vulnerability from nvd – Published: 2009-12-21 16:00 – Updated: 2024-08-07 07:01
VLAI?
Summary
Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37383"
},
{
"name": "ADV-2009-3578",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3578"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.centreon.com/Development/changelog-2x.html"
},
{
"name": "61183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61183"
},
{
"name": "37808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37808"
},
{
"name": "centreon-ping-security-bypass(54893)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37383"
},
{
"name": "ADV-2009-3578",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3578"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.centreon.com/Development/changelog-2x.html"
},
{
"name": "61183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61183"
},
{
"name": "37808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37808"
},
{
"name": "centreon-ping-security-bypass(54893)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37383"
},
{
"name": "ADV-2009-3578",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3578"
},
{
"name": "http://www.centreon.com/Development/changelog-2x.html",
"refsource": "CONFIRM",
"url": "http://www.centreon.com/Development/changelog-2x.html"
},
{
"name": "61183",
"refsource": "OSVDB",
"url": "http://osvdb.org/61183"
},
{
"name": "37808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37808"
},
{
"name": "centreon-ping-security-bypass(54893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4368",
"datePublished": "2009-12-21T16:00:00",
"dateReserved": "2009-12-21T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}