|
223651
|
9.8 |
CRITICAL
Network
|
centreon
|
centreon
|
An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter.
|
CWE-89
SQL Injection
|
CVE-2019-17647
|
2024-11-21 13:32 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223652
|
7.5 |
HIGH
Network
|
centreon
|
centreon
|
An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. It provides sensitive information via an unauthenticated direct request for api/external.php?object=centreon_metric&action=li…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-17646
|
2024-11-21 13:32 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223653
|
7.5 |
HIGH
Network
|
centreon
|
centreon
|
An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/servic…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-17645
|
2024-11-21 13:32 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223654
|
8.8 |
HIGH
Network
|
centreon
|
centreon
|
An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/vi…
|
CWE-352
CWE-78
Origin Validation Error
OS Command
|
CVE-2019-17642
|
2024-11-21 13:32 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223655
|
7.5 |
HIGH
Network
|
centreon
|
centreon
|
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2.. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-17644
|
2024-11-21 13:32 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223656
|
7.5 |
HIGH
Network
|
centreon
|
centreon
|
An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXM…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-17643
|
2024-11-21 13:32 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223657
|
6.5 |
MEDIUM
Network
|
eset
|
cyber_security
|
ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his…
|
NVD-CWE-Other
|
CVE-2019-17549
|
2024-11-21 13:32 |
2020-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223658
|
7.5 |
HIGH
Network
|
moxa
|
iologik_2512_firmware
iologik_2512-t_firmware
iologik_2512-hspa_firmware
iologik_2512-hspa-t_firmware
iologik_2512-wl1-eu_firmware
iologik_2512-wl1-eu-t_firmware
iologik_2512-wl1-us…
|
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, whic…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2019-18238
|
2024-11-21 13:32 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223659
|
9.8 |
CRITICAL
Network
|
netapp
|
oncommand_cloud_manager
|
OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.
|
NVD-CWE-noinfo
|
CVE-2019-17275
|
2024-11-21 13:32 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223660
|
7.8 |
HIGH
Local
|
netapp
|
fabric-attached_storage_8700_firmware
fabric-attached_storage_8300_firmware
all_flash_fabric-attached_storage_a400_firmware
|
NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary comm…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2019-17274
|
2024-11-21 13:32 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
