Eyesofnetwork

eyesofnetwork

Vendor: Eyesofnetwork • 37 CVEs

CVEs (37)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-41572 1Eyesofnetwork 1Eyesofnetwork Jun 13, 2025 Jan 7, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.
CVE-2022-41571 1Eyesofnetwork 1Eyesofnetwork May 21, 2025 Sep 27, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur.
CVE-2022-41570 1Eyesofnetwork 1Eyesofnetwork May 21, 2025 Sep 27, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur.
CVE-2021-40643 1Eyesofnetwork 1Eyesofnetwork Nov 21, 2024 Jun 30, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendm...Show more EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail").Show less
CVE-2022-24612 1Eyesofnetwork 1Eyesofnetwork Nov 21, 2024 Feb 25, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS.
CVE-2021-33525 1Eyesofnetwork 1Eyesofnetwork Nov 21, 2024 May 24, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl...Show more EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell.Show less
CVE-2021-27514 1Eyesofnetwork 1Eyesofnetwork Nov 21, 2024 Feb 22, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).
CVE-2021-27513 1Eyesofnetwork 1Eyesofnetwork Nov 21, 2024 Feb 22, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."
CVE-2020-27887 1Eyesofnetwork 1Eyesofnetwork Nov 21, 2024 Oct 29, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/au...Show more An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.Show less
CVE-2020-27886 1Eyesofnetwork 1Eyesofnetwork Nov 21, 2024 Oct 29, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/f...Show more An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php).Show less
CVE-2020-24390 1Eyesofnetwork 1Eyesofnetwork Nov 21, 2024 Aug 27, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording.
CVE-2020-9465 1Eyesofnetwork 1Eyesofnetwork Nov 21, 2024 Feb 28, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication byp...Show more An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.Show less
CVE-2020-8656 1Eyesofnetwork 1Eyesofnetwork Nov 21, 2024 Feb 7, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to g...Show more An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.Show less
CVE-2020-8655 1Eyesofnetwork 1Eyesofnetwork Nov 10, 2025 Feb 7, 2020 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.
CVE-2020-8654 1Eyesofnetwork 1Eyesofnetwork Nov 21, 2024 Feb 7, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.ph...Show more An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.Show less
CVE-2020-8657 1Eyesofnetwork 1Eyesofnetwork Nov 10, 2025 Feb 6, 2020 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attack...Show more An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.Show less
CVE-2019-14923 1Eyesofnetwork 1Eyesofnetwork Nov 21, 2024 Aug 16, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.
CVE-2017-16000 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Oct 29, 2017 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.ph...Show more SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.Show less
CVE-2017-15933 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Oct 27, 2017 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_d...Show more SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.Show less
CVE-2017-15880 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Oct 24, 2017 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_gr...Show more SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).Show less

12 Next