Vulnerabilities > Eyesofnetwork
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-13 | CVE-2017-14402 | SQL Injection vulnerability in Eyesofnetwork 5.10 The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php. | 9.8 |
2017-09-13 | CVE-2017-14401 | SQL Injection vulnerability in Eyesofnetwork 5.10 The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section. | 9.8 |
2017-09-11 | CVE-2017-14252 | SQL Injection vulnerability in Eyesofnetwork 5.10 SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. | 9.8 |
2017-09-11 | CVE-2017-14247 | SQL Injection vulnerability in Eyesofnetwork 5.10 SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. | 9.8 |
2017-09-03 | CVE-2017-14119 | OS Command Injection vulnerability in Eyesofnetwork 5.10 In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter. | 8.8 |
2017-09-03 | CVE-2017-14118 | OS Command Injection vulnerability in Eyesofnetwork 5.10 In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php. | 8.8 |
2017-08-30 | CVE-2017-13780 | Path Traversal vulnerability in Eyesofnetwork 5.10 The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. | 7.5 |
2017-07-17 | CVE-2017-1000060 | SQL Injection vulnerability in Eyesofnetwork 5.10 EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root | 9.8 |
2017-04-11 | CVE-2017-6088 | SQL Injection vulnerability in Eyesofnetwork 4.23/4.30/5.0 Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php. | 7.2 |