Vulnerabilities > Eyeos Project > Eyeos > 0.8.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-28 | CVE-2006-5071 | Cross-Site Scripting vulnerability in eyeOS Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php. network eyeos-project | 4.3 |
2006-02-10 | CVE-2006-0636 | Remote Command Execution vulnerability in EyeOS Session desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable. | 7.5 |