Vulnerabilities > Eyeos Project > Eyeos > 0.8.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-28 | CVE-2006-5071 | Cross-Site Scripting vulnerability in eyeOS Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php. network eyeos-project | 4.3 |
2006-02-10 | CVE-2006-0636 | Remote Command Execution vulnerability in EyeOS Session desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable. | 7.5 |
2005-11-01 | CVE-2005-3414 | Information Disclosure vulnerability in Eyeos Project Eyeos 0.8.4 eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials. | 7.5 |
2005-11-01 | CVE-2005-3413 | HTML Injection vulnerability in Eyeos Project Eyeos 0.8.4 Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the motd parameter. network eyeos-project | 4.3 |