Search
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40643 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2022-07-11 | 10.0 HIGH | 9.8 CRITICAL |
| EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail"). | |||||
| CVE-2020-8656 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php. | |||||
| CVE-2020-8657 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2022-01-01 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token. | |||||
| CVE-2021-27514 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-26 | 7.5 HIGH | 9.8 CRITICAL |
| EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation). | |||||
| CVE-2017-1000060 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root | |||||
| CVE-2017-14401 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section. | |||||
| CVE-2017-14252 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. | |||||
| CVE-2017-14247 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. | |||||
| CVE-2017-14402 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php. | |||||
| CVE-2017-14403 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. | |||||
| CVE-2020-27886 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2020-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php). | |||||
| CVE-2020-9465 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie. | |||||