National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:merethis:centreon:2.0:rc4
There are 3 matching records.
Vuln ID Summary CVSS Severity
CVE-2011-4432

www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.

Published: November 09, 2011; 07:55:00 PM -05:00
V2: 5.0 MEDIUM
CVE-2011-4431

Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.

Published: November 09, 2011; 07:55:00 PM -05:00
V2: 6.5 MEDIUM
CVE-2009-4368

Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication.

Published: December 21, 2009; 11:30:00 AM -05:00
V2: 10.0 HIGH