Vulnerabilities > Eyesofnetwork

DATE CVE VULNERABILITY TITLE RISK
2017-09-13 CVE-2017-14402 SQL Injection vulnerability in Eyesofnetwork 5.10
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.
network
low complexity
eyesofnetwork CWE-89
7.5
2017-09-13 CVE-2017-14401 SQL Injection vulnerability in Eyesofnetwork 5.10
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section.
network
low complexity
eyesofnetwork CWE-89
7.5
2017-09-11 CVE-2017-14252 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php.
network
low complexity
eyesofnetwork CWE-89
7.5
2017-09-11 CVE-2017-14247 SQL Injection vulnerability in Eyesofnetwork 5.10
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.
network
low complexity
eyesofnetwork CWE-89
7.5
2017-09-03 CVE-2017-14119 OS Command Injection vulnerability in Eyesofnetwork 5.10
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter.
network
low complexity
eyesofnetwork CWE-78
6.5
2017-09-03 CVE-2017-14118 OS Command Injection vulnerability in Eyesofnetwork 5.10
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php.
network
low complexity
eyesofnetwork CWE-78
6.5
2017-08-30 CVE-2017-13780 Path Traversal vulnerability in Eyesofnetwork 5.10
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter.
network
low complexity
eyesofnetwork CWE-22
5.0
2017-07-17 CVE-2017-1000060 SQL Injection vulnerability in Eyesofnetwork 5.10
EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root
network
low complexity
eyesofnetwork CWE-89
critical
10.0
2017-04-11 CVE-2017-6088 SQL Injection vulnerability in Eyesofnetwork
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.
network
low complexity
eyesofnetwork CWE-89
critical
9.0