Filtered by vendor Eyesofnetwork
Subscribe
Search
Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8655 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2022-01-01 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7. | |||||
| CVE-2020-8654 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-12-30 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field. | |||||
| CVE-2021-33525 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-05-27 | 9.0 HIGH | 8.8 HIGH |
| EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell. | |||||
| CVE-2021-27513 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-26 | 6.5 MEDIUM | 8.8 HIGH |
| The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside." | |||||
| CVE-2019-14923 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. | |||||
| CVE-2017-15880 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). | |||||
| CVE-2017-15933 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. | |||||
| CVE-2017-13780 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. | |||||
| CVE-2017-16000 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php. | |||||
| CVE-2017-14118 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php. | |||||
| CVE-2017-14119 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter. | |||||
| CVE-2017-14404 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring. | |||||
| CVE-2017-14405 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 7.2 HIGH |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. | |||||
| CVE-2020-27887 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2020-11-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php. | |||||
| CVE-2017-6088 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2019-03-13 | 9.0 HIGH | 7.2 HIGH |
| Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php. | |||||