|
222521
|
8.8 |
HIGH
Network
|
fortinet
|
fortimanager
|
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH)…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-17654
|
2024-11-21 13:32 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222522
|
8.8 |
HIGH
Network
|
fortinet
|
fortisiem
|
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated …
|
CWE-352
Origin Validation Error
|
CVE-2019-17653
|
2024-11-21 13:32 |
2020-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222523
|
9.8 |
CRITICAL
Network
|
fortinet
|
forticlient
|
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executabl…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2019-17658
|
2024-11-21 13:32 |
2020-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222524
|
8.1 |
HIGH
Network
|
eclipse
|
theia
|
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs,…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-17636
|
2024-11-21 13:32 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222525
|
9.8 |
CRITICAL
Network
|
centreon
|
centreon
|
An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter.
|
CWE-89
SQL Injection
|
CVE-2019-17647
|
2024-11-21 13:32 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222526
|
7.5 |
HIGH
Network
|
centreon
|
centreon
|
An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. It provides sensitive information via an unauthenticated direct request for api/external.php?object=centreon_metric&action=li…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-17646
|
2024-11-21 13:32 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222527
|
7.5 |
HIGH
Network
|
centreon
|
centreon
|
An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/servic…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-17645
|
2024-11-21 13:32 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222528
|
8.8 |
HIGH
Network
|
centreon
|
centreon
|
An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/vi…
|
CWE-352
CWE-78
Origin Validation Error
OS Command
|
CVE-2019-17642
|
2024-11-21 13:32 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222529
|
7.5 |
HIGH
Network
|
centreon
|
centreon
|
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2.. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-17644
|
2024-11-21 13:32 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222530
|
7.5 |
HIGH
Network
|
centreon
|
centreon
|
An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXM…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-17643
|
2024-11-21 13:32 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
