Filtered by vendor Eyesofnetwork
Subscriptions
Total
39 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-27887 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 8.8 High |
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php. | ||||
CVE-2020-9465 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 9.8 Critical |
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie. | ||||
CVE-2020-27886 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 9.8 Critical |
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php). | ||||
CVE-2017-14984 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php. | ||||
CVE-2017-13780 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. | ||||
CVE-2017-15933 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. | ||||
CVE-2017-15188 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php. | ||||
CVE-2017-14985 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php. | ||||
CVE-2017-14252 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. | ||||
CVE-2017-14247 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. | ||||
CVE-2017-14983 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php. | ||||
CVE-2017-14753 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php. | ||||
CVE-2017-14405 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. | ||||
CVE-2017-14404 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring. | ||||
CVE-2017-14403 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. | ||||
CVE-2017-14402 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php. | ||||
CVE-2017-14401 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | N/A |
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section. | ||||
CVE-2020-24390 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2020-09-02 | 6.1 Medium |
eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording. | ||||
CVE-2017-6088 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2019-03-13 | N/A |
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php. |