Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2019
CVE-2019-17107
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-10-08
CVE-2019-17108
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-10-08
CVE-2019-17271
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
CVSS Score
4.9
EPSS Score
0.003
Published
2019-10-08
CVE-2019-17352
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-10-08
CVE-2018-21020
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-10-08
CVE-2018-21021
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-10-08
CVE-2018-21022
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-10-08
CVE-2018-21023
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-10-08
CVE-2018-21025
In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.
CVSS Score
9.8
EPSS Score
0.002
Published
2019-10-08
CVE-2019-17260
MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data Move starting at mpc_hc!memcpy+0x000000000000004e.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-10-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved