Eyesofnetwork: >> Eyesofnetwork Security Vulnerabilities
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-11
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-11
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php.
CVSS Score
8.8
EPSS Score
0.031
Published
2017-09-03
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter.
CVSS Score
8.8
EPSS Score
0.031
Published
2017-09-03
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-08-30
EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root
CVSS Score
9.8
EPSS Score
0.066
Published
2017-07-17
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.
CVSS Score
7.2
EPSS Score
0.069
Published
2017-04-11
Page 4