Vulnerabilities related to merethis - centreon
Vulnerability from fkie_nvd
Published
2012-12-19 11:55
Modified
2024-11-21 01:45
Severity ?
Summary
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
Impacted products
Vendor Product Version
merethis centreon 2.3.3
merethis centreon 2.3.4
merethis centreon 2.3.5
merethis centreon 2.3.6
merethis centreon 2.3.7
merethis centreon 2.3.8
merethis centreon 2.3.9
merethis centreon 2.3.9-4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2A0E58-BBF4-4B90-8459-2F5729292267",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4846545B-525F-460F-9824-91E715FD5CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "661A5C9D-35E9-42AD-A7B2-D772BA961C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C376F11-CF76-4E41-9C63-208B33554BC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDEBF54E-87B9-49A7-AB81-7587E194EB60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "538EC7A7-42FE-40DA-9168-697BE1DD6E4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC431677-ED5B-49D2-A5AE-9DE118EFE39D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.3.9-4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C67AF8F9-2389-4023-9D57-E211B5126B90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n SQL en el archivo menuXML.php en Centreon versiones 2.3.3 hasta 2.3.9-4 (corregido en Centreon web versi\u00f3n 2.6.0), permite a usuarios autenticados remotos ejecutar comandos SQL arbitrarios por medio del par\u00e1metro menu."
    }
  ],
  "id": "CVE-2012-5967",
  "lastModified": "2024-11-21T01:45:36.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-12-19T11:55:56.797",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/856892"
    },
    {
      "source": "cret@cert.org",
      "url": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/856892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-11-10 00:55
Modified
2024-11-21 01:32
Severity ?
Summary
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:merethis:centreon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C2952F-A22C-465A-BA6F-A59938932557",
              "versionEndIncluding": "2.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "61975AFA-B0B2-4B19-B208-146B2E71B737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9B3720-9430-49F7-9E81-A8BB2528E934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A44136-88C1-4CE5-A579-BD7DB1413E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EA5A52-9234-4A8E-8E84-6D197CB9946F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5EA670B-897B-4369-AA19-C3052CCE91E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E56A4852-61E8-4F43-B81F-4C8727082F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F38A5EB-A69E-4567-8DBF-8C438DE66D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62C0AA6-EABE-4926-A4DA-CD471D88C068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3A02C2E-AA16-4669-B77E-554B27478D91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8F3C43F-3277-4162-B025-7FCBF7A79FAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "97BB2893-02DC-4C49-B9CA-E9DEF3211C59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b3:*:*:*:*:*:*",
              "matchCriteriaId": "9ADD46A2-80D7-49DD-A36D-BC5AAE01FAAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b4:*:*:*:*:*:*",
              "matchCriteriaId": "F41E4FC5-0031-41A9-820C-C63FF54E0B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b5:*:*:*:*:*:*",
              "matchCriteriaId": "2DD77DAA-E499-4064-B717-42EA1950C028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b6:*:*:*:*:*:*",
              "matchCriteriaId": "4BDC54B9-1955-4849-A6A1-F850931EED7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEC41A81-F8D2-44C7-B56E-C62918FFE0ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA1001-D1A6-4226-A724-6FF13F040314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "A6A75F22-4D95-4F5B-820F-C15767ADE928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "9DD571A7-C921-48A9-8974-F9D2F03F7CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "47EE53E4-8F0F-4F54-A392-347D2A044B57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E9A1D39-6124-4E6A-81B1-24674BEF6588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38C74D1-7D54-4460-B819-0E935D664FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "573D2183-3605-4589-86B9-2CAE570B968C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF59787-CC19-4C94-B0FA-CD358B286357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23A7BA9-076B-4F2E-BF75-61E4717125A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "38843FE3-2FB0-4A2A-B912-E9A032938553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D44B4-8B03-4EA0-A7CD-28E232581F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3DD7744-B87D-470F-9CC0-6054607340D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF20BFD5-B506-4307-9139-F03ABF40EB96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08081603-AD02-489B-8997-A507B5C0258D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "35C125B6-B9CE-4CC2-BDDB-C4662A0E49A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E71E0C7-4699-4211-B4E8-8365EE23F417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "36179BA7-13B4-4536-8F23-85D02987946A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD1A7E5-732F-4D81-893B-4314552F21D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D73CA4BF-87F8-4121-B4E0-C77389140A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5144B2D2-63CE-43A6-8ED5-489C7C813CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F62BA5-CD84-4BF4-8FA4-090F5204078B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "E820AD82-824A-450C-9F43-CE687DD0C958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "717E8961-B598-41AB-9319-4E6EA0023FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C0301884-6130-48F3-9A78-75BCB810601E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF3150EE-5077-468D-A808-4FD5EA6499CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9377F38-FF3B-43B9-AE24-6FEB84B0997F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFEF7D25-68E3-491E-9090-2D7D7F07983D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9EFCB141-6231-4A95-AF65-8E80AB3960AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en main.php en Merethis Centreon antes de v2.3.2 permite a usuarios autenticados remotamente ejecutar comandos de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro command_name"
    }
  ],
  "id": "CVE-2011-4431",
  "lastModified": "2024-11-21T01:32:21.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-10T00:55:00.883",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8530"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-04-07 18:30
Modified
2024-11-21 01:14
Severity ?
Summary
SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter.
Impacted products
Vendor Product Version
merethis centreon 2.1.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3DD7744-B87D-470F-9CC0-6054607340D7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en  main.php en Centreon v2.1.5, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"host_id\"."
    }
  ],
  "id": "CVE-2010-1301",
  "lastModified": "2024-11-21T01:14:05.257",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-07T18:30:00.517",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/63347"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39236"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/11979"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/39118"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57464"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/63347"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/11979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/39118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57464"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-11-10 00:55
Modified
2024-11-21 01:32
Severity ?
Summary
www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:merethis:centreon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C2952F-A22C-465A-BA6F-A59938932557",
              "versionEndIncluding": "2.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "61975AFA-B0B2-4B19-B208-146B2E71B737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9B3720-9430-49F7-9E81-A8BB2528E934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A44136-88C1-4CE5-A579-BD7DB1413E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EA5A52-9234-4A8E-8E84-6D197CB9946F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5EA670B-897B-4369-AA19-C3052CCE91E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E56A4852-61E8-4F43-B81F-4C8727082F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F38A5EB-A69E-4567-8DBF-8C438DE66D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62C0AA6-EABE-4926-A4DA-CD471D88C068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3A02C2E-AA16-4669-B77E-554B27478D91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8F3C43F-3277-4162-B025-7FCBF7A79FAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "97BB2893-02DC-4C49-B9CA-E9DEF3211C59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b3:*:*:*:*:*:*",
              "matchCriteriaId": "9ADD46A2-80D7-49DD-A36D-BC5AAE01FAAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b4:*:*:*:*:*:*",
              "matchCriteriaId": "F41E4FC5-0031-41A9-820C-C63FF54E0B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b5:*:*:*:*:*:*",
              "matchCriteriaId": "2DD77DAA-E499-4064-B717-42EA1950C028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b6:*:*:*:*:*:*",
              "matchCriteriaId": "4BDC54B9-1955-4849-A6A1-F850931EED7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEC41A81-F8D2-44C7-B56E-C62918FFE0ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA1001-D1A6-4226-A724-6FF13F040314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "A6A75F22-4D95-4F5B-820F-C15767ADE928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "9DD571A7-C921-48A9-8974-F9D2F03F7CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "47EE53E4-8F0F-4F54-A392-347D2A044B57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E9A1D39-6124-4E6A-81B1-24674BEF6588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38C74D1-7D54-4460-B819-0E935D664FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "573D2183-3605-4589-86B9-2CAE570B968C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF59787-CC19-4C94-B0FA-CD358B286357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23A7BA9-076B-4F2E-BF75-61E4717125A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "38843FE3-2FB0-4A2A-B912-E9A032938553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D44B4-8B03-4EA0-A7CD-28E232581F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3DD7744-B87D-470F-9CC0-6054607340D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF20BFD5-B506-4307-9139-F03ABF40EB96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08081603-AD02-489B-8997-A507B5C0258D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "35C125B6-B9CE-4CC2-BDDB-C4662A0E49A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E71E0C7-4699-4211-B4E8-8365EE23F417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "36179BA7-13B4-4536-8F23-85D02987946A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD1A7E5-732F-4D81-893B-4314552F21D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D73CA4BF-87F8-4121-B4E0-C77389140A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5144B2D2-63CE-43A6-8ED5-489C7C813CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F62BA5-CD84-4BF4-8FA4-090F5204078B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "E820AD82-824A-450C-9F43-CE687DD0C958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "717E8961-B598-41AB-9319-4E6EA0023FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C0301884-6130-48F3-9A78-75BCB810601E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF3150EE-5077-468D-A808-4FD5EA6499CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9377F38-FF3B-43B9-AE24-6FEB84B0997F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFEF7D25-68E3-491E-9090-2D7D7F07983D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9EFCB141-6231-4A95-AF65-8E80AB3960AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach."
    },
    {
      "lang": "es",
      "value": "www/include/configuration/nconfigObject/contact/DB-Func.php en Merethis Centreon antes de v2.3.2 no emplea \"salt\" durante el c\u00e1lculo del hash de una contrase\u00f1a, lo que hace m\u00e1s sencillo para atacantes dependientes del contexto determinar las contrase\u00f1as en texto plano a trav\u00e9s de una aproximaci\u00f3n de tablas \"rainbow\"."
    }
  ],
  "id": "CVE-2011-4432",
  "lastModified": "2024-11-21T01:32:21.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-10T00:55:00.930",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8530"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-23 01:55
Modified
2024-11-21 02:08
Severity ?
Summary
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.
Impacted products
Vendor Product Version
merethis centreon 2.5.1
merethis centreon_enterprise_server 2.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A46D768-D7E0-4457-AE94-84A921D99818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon_enterprise_server:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37A320C7-F9DB-4F87-B5D7-25BBFBA7CAF7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Centreon versi\u00f3n 2.5.1 y Centreon Enterprise Server versi\u00f3n 2.2 (corregido en Centreon web versi\u00f3n 2.5.3), permiten a atacantes remotos ejecutar comandos SQL arbitrarios por medio de (1) el par\u00e1metro index_id en el archivo views/graphs/common/makeXML_ListMetrics.php, (2) el par\u00e1metro sid en el archivo views/graphs/GetXmlTree.php, (3) el par\u00e1metro session_id en el archivo views/graphs/graphStatus/displayServiceStatus.php, (4) el par\u00e1metro mnftr_id en el archivo configuration/configObject/traps/GetXMLTrapsForVendor.php, o (5) el par\u00e1metro index en el archivo common/javascript/commandGetArgs/cmdGetExample.php en include/."
    }
  ],
  "id": "CVE-2014-3828",
  "lastModified": "2024-11-21T02:08:56.403",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-23T01:55:16.033",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Oct/78"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/298796"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/70648"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Oct/78"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/298796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/70648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-23 01:55
Modified
2024-11-21 02:08
Severity ?
Summary
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
Impacted products
Vendor Product Version
merethis centreon 2.5.1
merethis centreon_enterprise_server 2.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A46D768-D7E0-4457-AE94-84A921D99818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon_enterprise_server:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37A320C7-F9DB-4F87-B5D7-25BBFBA7CAF7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable."
    },
    {
      "lang": "es",
      "value": "El archivo displayServiceStatus.php en Centreon versi\u00f3n 2.5.1 y Centreon Enterprise Server versi\u00f3n 2.2 (corregido en Centreon web versi\u00f3n 2.5.3), permite a atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en el par\u00e1metro (1) session_id o (2) template_id, relacionado con la variable command_line."
    }
  ],
  "id": "CVE-2014-3829",
  "lastModified": "2024-11-21T02:08:56.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-23T01:55:16.173",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Oct/78"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/298796"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Oct/78"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/298796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-21 16:30
Modified
2024-11-21 01:09
Severity ?
Summary
Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:merethis:centreon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67D522D-9190-4C98-A0A1-4EABD18D90CF",
              "versionEndIncluding": "2.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "61975AFA-B0B2-4B19-B208-146B2E71B737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9B3720-9430-49F7-9E81-A8BB2528E934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A44136-88C1-4CE5-A579-BD7DB1413E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EA5A52-9234-4A8E-8E84-6D197CB9946F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5EA670B-897B-4369-AA19-C3052CCE91E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E56A4852-61E8-4F43-B81F-4C8727082F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F38A5EB-A69E-4567-8DBF-8C438DE66D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62C0AA6-EABE-4926-A4DA-CD471D88C068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3A02C2E-AA16-4669-B77E-554B27478D91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:1.4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8F3C43F-3277-4162-B025-7FCBF7A79FAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "97BB2893-02DC-4C49-B9CA-E9DEF3211C59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b3:*:*:*:*:*:*",
              "matchCriteriaId": "9ADD46A2-80D7-49DD-A36D-BC5AAE01FAAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b4:*:*:*:*:*:*",
              "matchCriteriaId": "F41E4FC5-0031-41A9-820C-C63FF54E0B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b5:*:*:*:*:*:*",
              "matchCriteriaId": "2DD77DAA-E499-4064-B717-42EA1950C028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:b6:*:*:*:*:*:*",
              "matchCriteriaId": "4BDC54B9-1955-4849-A6A1-F850931EED7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEC41A81-F8D2-44C7-B56E-C62918FFE0ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C2FA1001-D1A6-4226-A724-6FF13F040314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "A6A75F22-4D95-4F5B-820F-C15767ADE928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "9DD571A7-C921-48A9-8974-F9D2F03F7CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "47EE53E4-8F0F-4F54-A392-347D2A044B57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E9A1D39-6124-4E6A-81B1-24674BEF6588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38C74D1-7D54-4460-B819-0E935D664FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "573D2183-3605-4589-86B9-2CAE570B968C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF59787-CC19-4C94-B0FA-CD358B286357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:merethis:centreon:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23A7BA9-076B-4F2E-BF75-61E4717125A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no especificadas en Centreon versiones anteriores a v2.1.4 tienen un impacto y vectores de ataque desconocidos en (1) herramienta ping, (2) herramienta traceroute, y (3) importaci\u00f3n ldap, posiblemente relacionado con una autenticaci\u00f3n no apropiada."
    }
  ],
  "id": "CVE-2009-4368",
  "lastModified": "2024-11-21T01:09:28.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-21T16:30:00.610",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/61183"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37808"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.centreon.com/Development/changelog-2x.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37383"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3578"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/61183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.centreon.com/Development/changelog-2x.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2012-5967
Vulnerability from cvelistv5
Published
2012-12-19 11:00
Modified
2024-08-06 21:21
Severity ?
Summary
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
Impacted products
Vendor Product Version
Centreon Centreon Version: 2.3.3 through 2.3.9-4
   Centreon Centreon web Version: fixed in 2.6.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:21:28.270Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#856892",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/856892"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Centreon",
          "vendor": "Centreon",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.3 through 2.3.9-4"
            }
          ]
        },
        {
          "product": "Centreon web",
          "vendor": "Centreon",
          "versions": [
            {
              "status": "affected",
              "version": "fixed in 2.6.0"
            }
          ]
        }
      ],
      "datePublic": "2012-12-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-29T14:21:12",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "VU#856892",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/856892"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2012-5967",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Centreon",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.3 through 2.3.9-4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Centreon web",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "fixed in 2.6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Centreon"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#856892",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/856892"
            },
            {
              "name": "http://forge.centreon.com/projects/centreon/repository/revisions/13749",
              "refsource": "MISC",
              "url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749"
            },
            {
              "name": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617",
              "refsource": "CONFIRM",
              "url": "https://github.com/centreon/centreon/commit/434e291eebcd8f56771ac96b37831634fa52b6a8#diff-606758231371c4a66ae2668f7ad2b617"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2012-5967",
    "datePublished": "2012-12-19T11:00:00",
    "dateReserved": "2012-11-21T00:00:00",
    "dateUpdated": "2024-08-06T21:21:28.270Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3829
Vulnerability from cvelistv5
Published
2014-10-23 01:00
Modified
2024-08-06 10:57
Severity ?
Summary
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:57:17.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Oct/78"
          },
          {
            "name": "VU#298796",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/298796"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-30T19:33:55",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Oct/78"
        },
        {
          "name": "VU#298796",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/298796"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3829",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Oct/78"
            },
            {
              "name": "VU#298796",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/298796"
            },
            {
              "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html",
              "refsource": "CONFIRM",
              "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
            },
            {
              "name": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde",
              "refsource": "CONFIRM",
              "url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3829",
    "datePublished": "2014-10-23T01:00:00",
    "dateReserved": "2014-05-22T00:00:00",
    "dateUpdated": "2024-08-06T10:57:17.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4432
Vulnerability from cvelistv5
Published
2011-11-10 00:00
Modified
2024-08-07 00:09
Severity ?
Summary
www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:09:18.344Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
          },
          {
            "name": "8530",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8530"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-02-14T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
        },
        {
          "name": "8530",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8530"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-4432",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
            },
            {
              "name": "8530",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8530"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-4432",
    "datePublished": "2011-11-10T00:00:00",
    "dateReserved": "2011-11-09T00:00:00",
    "dateUpdated": "2024-08-07T00:09:18.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-4368
Vulnerability from cvelistv5
Published
2009-12-21 16:00
Modified
2024-08-07 07:01
Severity ?
Summary
Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication.
References
http://www.securityfocus.com/bid/37383 (vdb-entry, x_refsource_BID)
http://www.vupen.com/english/advisories/2009/3578 (vdb-entry, x_refsource_VUPEN)
http://www.centreon.com/Development/changelog-2x.html (x_refsource_CONFIRM)
http://osvdb.org/61183 (vdb-entry, x_refsource_OSVDB)
http://secunia.com/advisories/37808 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54893 (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:01:20.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37383",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37383"
          },
          {
            "name": "ADV-2009-3578",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3578"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.centreon.com/Development/changelog-2x.html"
          },
          {
            "name": "61183",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/61183"
          },
          {
            "name": "37808",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37808"
          },
          {
            "name": "centreon-ping-security-bypass(54893)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37383",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37383"
        },
        {
          "name": "ADV-2009-3578",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3578"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.centreon.com/Development/changelog-2x.html"
        },
        {
          "name": "61183",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/61183"
        },
        {
          "name": "37808",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37808"
        },
        {
          "name": "centreon-ping-security-bypass(54893)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4368",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37383",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37383"
            },
            {
              "name": "ADV-2009-3578",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3578"
            },
            {
              "name": "http://www.centreon.com/Development/changelog-2x.html",
              "refsource": "CONFIRM",
              "url": "http://www.centreon.com/Development/changelog-2x.html"
            },
            {
              "name": "61183",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/61183"
            },
            {
              "name": "37808",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37808"
            },
            {
              "name": "centreon-ping-security-bypass(54893)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54893"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4368",
    "datePublished": "2009-12-21T16:00:00",
    "dateReserved": "2009-12-21T00:00:00",
    "dateUpdated": "2024-08-07T07:01:20.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4431
Vulnerability from cvelistv5
Published
2011-11-10 00:00
Modified
2024-08-07 00:09
Severity ?
Summary
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:09:18.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
          },
          {
            "name": "8530",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8530"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-02-14T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
        },
        {
          "name": "8530",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8530"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-4431",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt"
            },
            {
              "name": "8530",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8530"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-4431",
    "datePublished": "2011-11-10T00:00:00",
    "dateReserved": "2011-11-09T00:00:00",
    "dateUpdated": "2024-08-07T00:09:18.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3828
Vulnerability from cvelistv5
Published
2014-10-23 01:00
Modified
2024-08-06 10:57
Severity ?
Summary
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:57:17.781Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Oct/78"
          },
          {
            "name": "VU#298796",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/298796"
          },
          {
            "name": "70648",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70648"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-30T19:26:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Oct/78"
        },
        {
          "name": "VU#298796",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/298796"
        },
        {
          "name": "70648",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70648"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3828",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon \u003c= 2.5.2 and Centreon Enterprise Server \u003c= 2.2|3.0",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Oct/78"
            },
            {
              "name": "VU#298796",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/298796"
            },
            {
              "name": "70648",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70648"
            },
            {
              "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html",
              "refsource": "CONFIRM",
              "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
            },
            {
              "name": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde",
              "refsource": "CONFIRM",
              "url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3828",
    "datePublished": "2014-10-23T01:00:00",
    "dateReserved": "2014-05-22T00:00:00",
    "dateUpdated": "2024-08-06T10:57:17.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-1301
Vulnerability from cvelistv5
Published
2010-04-07 18:00
Modified
2024-08-07 01:21
Severity ?
Summary
SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/57464 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/39118 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/39236 (third-party-advisory, x_refsource_SECUNIA)
http://www.exploit-db.com/exploits/11979 (exploit, x_refsource_EXPLOIT-DB)
http://packetstormsecurity.org/1004-exploits/centreon-sql.txt (x_refsource_MISC)
http://osvdb.org/63347 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:21:18.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "centreon-hostid-sql-injection(57464)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57464"
          },
          {
            "name": "39118",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/39118"
          },
          {
            "name": "39236",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39236"
          },
          {
            "name": "11979",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/11979"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt"
          },
          {
            "name": "63347",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/63347"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "centreon-hostid-sql-injection(57464)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57464"
        },
        {
          "name": "39118",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/39118"
        },
        {
          "name": "39236",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39236"
        },
        {
          "name": "11979",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/11979"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt"
        },
        {
          "name": "63347",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/63347"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1301",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "centreon-hostid-sql-injection(57464)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57464"
            },
            {
              "name": "39118",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/39118"
            },
            {
              "name": "39236",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39236"
            },
            {
              "name": "11979",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/11979"
            },
            {
              "name": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/1004-exploits/centreon-sql.txt"
            },
            {
              "name": "63347",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/63347"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1301",
    "datePublished": "2010-04-07T18:00:00",
    "dateReserved": "2010-04-07T00:00:00",
    "dateUpdated": "2024-08-07T01:21:18.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}