Eyesofnetwork

Eyesofnetwork

37 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2020-24390

  • EPSS 0.39%
  • Veröffentlicht 27.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:14:43

eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording.

9.8

CVE-2020-9465

Exploit
  • EPSS 84.89%
  • Veröffentlicht 28.02.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:40:42

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a...

9.8

CVE-2020-8656

Exploit
  • EPSS 83.37%
  • Veröffentlicht 07.02.2020 00:15:09
  • Zuletzt bearbeitet 21.11.2024 05:39:12

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functi...

9.3

CVE-2020-8655

Warnung Exploit
  • EPSS 87.35%
  • Veröffentlicht 07.02.2020 00:15:09
  • Zuletzt bearbeitet 10.11.2025 14:42:04

An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.

9

CVE-2020-8654

Exploit
  • EPSS 93.35%
  • Veröffentlicht 07.02.2020 00:15:09
  • Zuletzt bearbeitet 21.11.2024 05:39:11

An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.

9.8

CVE-2020-8657

Warnung Exploit
  • EPSS 90.3%
  • Veröffentlicht 06.02.2020 18:15:13
  • Zuletzt bearbeitet 10.11.2025 14:42:10

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admi...

8.8

CVE-2019-14923

Exploit
  • EPSS 12.6%
  • Veröffentlicht 16.08.2019 13:15:11
  • Zuletzt bearbeitet 21.11.2024 04:27:41

EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.

7.2

CVE-2017-16000

Exploit
  • EPSS 0.44%
  • Veröffentlicht 29.10.2017 17:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.

7.2

CVE-2017-15933

Exploit
  • EPSS 0.61%
  • Veröffentlicht 27.10.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.

7.2

CVE-2017-15880

Exploit
  • EPSS 0.41%
  • Veröffentlicht 24.10.2017 22:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for ...