exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files

Centreon 19.10.5 Pollers Remote Command Execution
Posted Feb 4, 2020
Authored by Ramella Sebastien, Fabien Aunay, Omri Baso | Site metasploit.com

This Metasploit module exploits a Centreon version 19.10.5 Pollers remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 3823f489d80ba96f9daa51e9c9ad49970827297fc04995a65e690613f8eb0684

Related Files

Centreon 19.10.5 SQL Injection
Posted Apr 20, 2020
Authored by Basim Alabdullah

Centreon version 19.10.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fb916a523ec5469527b4b72b517e8d57e05cff77e14901ef3c3fc8c27405bbcc
Centreon 19.11 SQL Injection
Posted Apr 9, 2020
Authored by Cody Sixteen

Centreon version 19.11 post authentication acl_res_name parameter remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 26ddd5ca918503c36714484e708d799c5b8b0c860297a0d6fef820a51abd2fdc
Centreon 19.10-3.el7 SQL Injection
Posted Apr 8, 2020
Authored by Cody Sixteen

This is a whitepaper tutorial that describes steps taken to identify post-authentication remote SQL injection vulnerabilities in Centreon version 19.10-3.el7.

tags | exploit, paper, remote, vulnerability, sql injection
SHA-256 | 02221a056ccb54bfaed855a9ef6741e6737b01e06fc5841d931b5745c69e5e8b
Centreon Poller Authenticated Remote Command Execution
Posted Mar 18, 2020
Authored by mekhalleh, Fabien Aunay, Omri Baso | Site metasploit.com

This Metasploit module exploits a flaw where an authenticated user with sufficient administrative rights to manage pollers can use this functionality to execute arbitrary commands remotely. Usually, the miscellaneous commands are used by the additional modules (to perform certain actions), by the scheduler for data processing, etc. This module uses this functionality to obtain a remote shell on the target.

tags | exploit, remote, arbitrary, shell
SHA-256 | 4fc454b9a7db2a27a465a12d5f364a39e3ac7dba6dcd7fc3801635b21c08d5b6
Centreon 19.10.5 Remote Command Execution
Posted Jan 29, 2020
Authored by Fabien Aunay, Omri Baso

Centreon version 19.10.5 suffers from a Pollers remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 824b22c2f352d66d1fac5582a1d6e01a40daed3d2d240e0e289674e34e783629
Centreon 19.10.5 Remote Command Execution
Posted Jan 29, 2020
Authored by Fabien Aunay, Omri Baso

Centreon version 19.10.5 suffers from a centreontrapd remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 04324f51cee387f1f74eb254c7e283bedc63a9863560d41a110278c3b9393862
Centreon 19.10.5 Remote Command Execution
Posted Jan 28, 2020
Authored by Fabien Aunay, Omri Baso

Centreon version 19.10.5 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 030cbc7db120adeefb9decf4ed1426aeca2c73286c9d115a1f53d790e4e5f8ed
Centreon 19.10.5 Credential Disclosure
Posted Jan 28, 2020
Authored by Fabien Aunay, Omri Baso

Centreon version 19.10.5 suffers from a database credential disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | af96c61510aefc06361e0fc409d2e6716ceaaa9f3a8292aff4fababf2d56ec14
Centreon 19.04 Remote Code Execution
Posted Jan 20, 2020
Authored by enjloezz, TheCyberGeek | Site metasploit.com

This Metasploit module exploits an authenticated remote code execution vulnerability in Centreon version 19.04.

tags | exploit, remote, code execution
advisories | CVE-2019-16405
SHA-256 | 510a1c2d96045f19207e2336a64b219e4a23437cb33077b85cd5bbdb429d74d9
Centreon 19.04 Remote Code Execution
Posted Jul 2, 2019
Authored by Askar

Centreon version 19.04 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-13024
SHA-256 | 52b458e04b9294cc2f6308ac2372b6641e658acfb4213ccb6f2dbaacaf7fbb5d
Centreon Web Interface 2.5.3 Command Execution
Posted Jul 27, 2016
Authored by h00die, Nicolas Chatelain | Site metasploit.com

Centreon Web Interface versions 2.5.3 and below utilize an ECHO for logging SQL errors. This functionality can be abused for arbitrary code execution, and can be triggered via the login screen prior to authentication.

tags | exploit, web, arbitrary, code execution
SHA-256 | 5c09582d8455d486f9a8b546afc64ba7e1c0033c02c90405893cf9e6a8d35f16
Centreon 2.5.3 Code Execution
Posted Feb 26, 2016
Authored by Nicolas Chatelain

Centreon versions 2.5.3 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 3c4451947909782cb24cf03b689934f5d565641465aa23686ec6df8df29ff586
Centreon 2.6.1 Persistent Cross Site Scripting
Posted Sep 29, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6681b871f00d7c1d0d12d5de3f5e49d61b5ac631bdcefc4a0db93c3a54e96145
Centreon 2.6.1 Command Injection
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 suffers from a command injection vulnerability. The POST parameter 'persistant' which serves for making a new service run in the background is not properly sanitized before being used to execute commands. This can be exploited to inject and execute arbitrary shell commands as well as using cross site request forgery attacks.

tags | exploit, arbitrary, shell, csrf
SHA-256 | de65336a8a68b4177f682854c6416feedbbf44c0a5ff31835c174e78d0ac4037
Centreon 2.6.1 Add Administrator Cross Site Request Forgery
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 add administrator cross site request forgery exploit.

tags | exploit, csrf
SHA-256 | fb7aeb82618878ab24c9f5c4140479064eb157f08ed35e744bf8bc3096f3f188
Centreon 2.6.1 Shell Upload
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | d6f7d3dc2b9d187d9f488cbf0e34984b389cdb34f36401b172e21e70df766956
Merethis Centreon 2.5.4 SQL Injection / Remote Command Execution
Posted Jul 8, 2015
Authored by DAU Huy Ngoc

Merethis Centreon versions 2.5.4 and below suffer from remote SQL injection and command execution vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2015-1560, CVE-2015-1561
SHA-256 | 33a4b6850bc8efa423b2d9f3dee79ec98c4aad0c75b497867a6a543467abc2bd
Centreon SQL / Command Injection
Posted Oct 23, 2014
Authored by juan vazquez, MaZ | Site metasploit.com

This Metasploit module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon Enterprise Server 2.2 and prior. Due to a combination of SQL injection and command injection in the displayServiceStatus.php component, it is possible to execute arbitrary commands as long as there is a valid session registered in the centreon.session table. In order to have a valid session, all it takes is a successful login from anybody. The exploit itself does not require any authentication. This Metasploit module has been tested successfully on Centreon Enterprise Server 2.2.

tags | exploit, arbitrary, php, vulnerability, sql injection
advisories | CVE-2014-3828, CVE-2014-3829
SHA-256 | 8809b442b4ed7e090f87d00c54c5b7bdd1ab5b1b01a8996dfc1c2404ff0bb501
Centreon SQL Injection / Command Injection
Posted Oct 18, 2014
Authored by MaZ

Centreon versions 2.5.2 and below and Centreon Enterprise Server versions 2.2 and below and 3.0 and below suffer from remote SQL injection and remote command injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-3828, CVE-2014-3829
SHA-256 | 2bbcd9c0f7916e18957b35abbdb6401cfd1ba1a7514ea9da21386fe29c69f1db
Centreon 2.3.x SQL Injection
Posted Dec 13, 2012
Authored by modpr0be

Centreon versions 2.3.3 through 2.3.9-4 menuXML.php remote blind SQL injection exploit.

tags | exploit, remote, php, sql injection
advisories | CVE-2012-5967
SHA-256 | d04b644c764a41f28eca2c71a041e69645a678273c302fafa28bfe8fac2f9c4a
Secunia Security Advisory 51532
Posted Dec 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Spentera has reported a vulnerability in Centreon, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | fd146a512e280bffd0d171ef887d96c6d0d8aca652856fb5ec304bf2f0acb5a1
Merethis Centreon 2.3.1 Code Execution
Posted Nov 8, 2011
Authored by Christophe de la Fuente | Site trustwave.com

The Centreon supervision and monitoring tool provided by Merethis permits remote code execution from the command help web page allowing an attacker to execute arbitrary commands in the context of the webserver hosting the application. The system also uses a one-way hash without a salt. Versions 2.3.1 and below are affected.

tags | exploit, remote, web, arbitrary, code execution
SHA-256 | 8baa1a03e20514db0ebdff56296a1f3d2b0ea0473b7d740b7747c685e31fb6df
Centreon IT And Network Monitoring 2.1.5 SQL Injection
Posted Apr 1, 2010
Authored by Jonathan Salwan

Centreon IT and Network Monitoring version 2.1.5 remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 4553234f18b52c174d2dee239d2fa79608be2fba9fedd7cec5b2a07fe0c9b911
Secunia Security Advisory 39236
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Centreon, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | d118d6a692eb2e06c9458e6adb9a24ba0f2bd8a2424c5d33ffcac142bbd254fd
Secunia Security Advisory 37808
Posted Dec 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Julien Cayssol has reported a vulnerability in Centreon, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | b70c391e62f5d719a5c40bf9e2ba2a62a397edbdb197eb8e2b5499034530cde8
Page 1 of 2
Back12Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close