Centreon version 19.10.5 suffers from a remote command execution vulnerability.
030cbc7db120adeefb9decf4ed1426aeca2c73286c9d115a1f53d790e4e5f8ed
Centreon version 22.04.0 suffers from a persistent cross-site scripting vulnerability.
69cf7baade94fd5e803782c07bbd53d7ff5f985beb2b08f0768155d0e8d0e38f
Centreon version 22.04.0 suffers from a persistent cross-site scripting vulnerability.
3d70a278906238ba02b36becf352ebf454b3dd1b330a5747bf3dbac98c1a8336
Centreon version 19.10.5 suffers from a remote SQL injection vulnerability.
fb916a523ec5469527b4b72b517e8d57e05cff77e14901ef3c3fc8c27405bbcc
Centreon version 19.11 post-authentication acl_res_name parameter remote SQL injection vulnerability.
26ddd5ca918503c36714484e708d799c5b8b0c860297a0d6fef820a51abd2fdc
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote SQL injection vulnerabilities in Centreon version 19.10-3.el7.
02221a056ccb54bfaed855a9ef6741e6737b01e06fc5841d931b5745c69e5e8b
This Metasploit module exploits a flaw where an authenticated user with sufficient administrative rights to manage pollers can use this functionality to execute arbitrary commands remotely. Usually, the miscellaneous commands are used by the additional modules (to perform certain actions), by the scheduler for data processing, etc. This module uses this functionality to obtain a remote shell on the target.
4fc454b9a7db2a27a465a12d5f364a39e3ac7dba6dcd7fc3801635b21c08d5b6
This Metasploit module exploits a Centreon version 19.10.5 Pollers remote command execution vulnerability.
3823f489d80ba96f9daa51e9c9ad49970827297fc04995a65e690613f8eb0684
Centreon version 19.10.5 suffers from a Pollers remote command execution vulnerability.
824b22c2f352d66d1fac5582a1d6e01a40daed3d2d240e0e289674e34e783629
Centreon version 19.10.5 suffers from a centreontrapd remote command execution vulnerability.
04324f51cee387f1f74eb254c7e283bedc63a9863560d41a110278c3b9393862
Centreon version 19.10.5 suffers from a database credential disclosure vulnerability.
af96c61510aefc06361e0fc409d2e6716ceaaa9f3a8292aff4fababf2d56ec14
This Metasploit module exploits an authenticated remote code execution vulnerability in Centreon version 19.04.
510a1c2d96045f19207e2336a64b219e4a23437cb33077b85cd5bbdb429d74d9
Centreon version 19.04 suffers from an authenticated remote code execution vulnerability.
52b458e04b9294cc2f6308ac2372b6641e658acfb4213ccb6f2dbaacaf7fbb5d
Centreon Web Interface versions 2.5.3 and below utilize an ECHO for logging SQL errors. This functionality can be abused for arbitrary code execution, and can be triggered via the login screen prior to authentication.
5c09582d8455d486f9a8b546afc64ba7e1c0033c02c90405893cf9e6a8d35f16
Centreon versions 2.5.3 and below suffer from a remote code execution vulnerability.
3c4451947909782cb24cf03b689934f5d565641465aa23686ec6df8df29ff586
Centreon version 2.6.1 suffers from a stored cross-site scripting vulnerability.
6681b871f00d7c1d0d12d5de3f5e49d61b5ac631bdcefc4a0db93c3a54e96145
Centreon version 2.6.1 suffers from a command injection vulnerability. The POST parameter 'persistant', which serves for making a new service run in the background, is not properly sanitized before being used to execute commands. This can be exploited to inject and execute arbitrary shell commands as well as using cross-site request forgery attacks.
de65336a8a68b4177f682854c6416feedbbf44c0a5ff31835c174e78d0ac4037
Centreon version 2.6.1 add administrator cross-site request forgery exploit.
fb7aeb82618878ab24c9f5c4140479064eb157f08ed35e744bf8bc3096f3f188
Centreon version 2.6.1 suffers from a remote shell upload vulnerability.
d6f7d3dc2b9d187d9f488cbf0e34984b389cdb34f36401b172e21e70df766956
Merethis Centreon versions 2.5.4 and below suffer from remote SQL injection and command execution vulnerabilities.
33a4b6850bc8efa423b2d9f3dee79ec98c4aad0c75b497867a6a543467abc2bd
This Metasploit module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon Enterprise Server 2.2 and prior. Due to a combination of SQL injection and command injection in the displayServiceStatus.php component, it is possible to execute arbitrary commands as long as there is a valid session registered in the centreon.session table. In order to have a valid session, all it takes is a successful login from anybody. The exploit itself does not require any authentication. This Metasploit module has been tested successfully on Centreon Enterprise Server 2.2.
8809b442b4ed7e090f87d00c54c5b7bdd1ab5b1b01a8996dfc1c2404ff0bb501
Centreon versions 2.5.2 and below and Centreon Enterprise Server versions 2.2 and below and 3.0 and below suffer from remote SQL injection and remote command injection vulnerabilities.
2bbcd9c0f7916e18957b35abbdb6401cfd1ba1a7514ea9da21386fe29c69f1db
Centreon versions 2.3.3 through 2.3.9-4 menuXML.php remote blind SQL injection exploit.
d04b644c764a41f28eca2c71a041e69645a678273c302fafa28bfe8fac2f9c4a
Secunia Security Advisory - Spentera has reported a vulnerability in Centreon, which can be exploited by malicious users to conduct SQL injection attacks.
fd146a512e280bffd0d171ef887d96c6d0d8aca652856fb5ec304bf2f0acb5a1
The Centreon supervision and monitoring tool provided by Merethis permits remote code execution from the command help web page allowing an attacker to execute arbitrary commands in the context of the webserver hosting the application. The system also uses a one-way hash without a salt. Versions 2.3.1 and below are affected.
8baa1a03e20514db0ebdff56296a1f3d2b0ea0473b7d740b7747c685e31fb6df
Centreon IT and Network Monitoring version 2.1.5 remote SQL injection exploit.
4553234f18b52c174d2dee239d2fa79608be2fba9fedd7cec5b2a07fe0c9b911