Vulnerabilities > Eyesofnetwork
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-15933 | SQL Injection vulnerability in Eyesofnetwork 5.10 SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. | 6.5 |
| 2017-10-24 | CVE-2017-15880 | SQL Injection vulnerability in Eyesofnetwork 5.10 SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). | 6.5 |
| 2017-10-11 | CVE-2017-15188 | Cross-site Scripting vulnerability in Eyesofnetwork 5.10 A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php. | 3.5 |
| 2017-10-03 | CVE-2017-14985 | Cross-site Scripting vulnerability in Eyesofnetwork 5.10 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php. | 3.5 |
| 2017-10-03 | CVE-2017-14984 | Cross-site Scripting vulnerability in Eyesofnetwork 5.10 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php. | 3.5 |
| 2017-10-03 | CVE-2017-14983 | Cross-site Scripting vulnerability in Eyesofnetwork 5.10 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php. | 3.5 |
| 2017-09-27 | CVE-2017-14753 | Cross-site Scripting vulnerability in Eyesofnetwork 5.10 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php. | 3.5 |
| 2017-09-13 | CVE-2017-14405 | OS Command Injection vulnerability in Eyesofnetwork 5.10 The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. | 6.5 |
| 2017-09-13 | CVE-2017-14404 | Information Exposure vulnerability in Eyesofnetwork 5.10 The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring. | 5.0 |
| 2017-09-13 | CVE-2017-14403 | SQL Injection vulnerability in Eyesofnetwork 5.10 The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. | 7.5 |