Eyesofnetwork

eyesofnetwork

Vendor: Eyesofnetwork • 37 CVEs

CVEs (37)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-15188 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Oct 11, 2017 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admi...Show more A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php.Show less
CVE-2017-14985 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Oct 3, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.p...Show more Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php.Show less
CVE-2017-14984 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Oct 3, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_se...Show more Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php.Show less
CVE-2017-14983 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Oct 3, 2017 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_co...Show more Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php.Show less
CVE-2017-14753 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Sep 27, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/in...Show more Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.Show less
CVE-2017-14405 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Sep 13, 2017 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php.
CVE-2017-14404 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Sep 13, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ subs...Show more The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring.Show less
CVE-2017-14403 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Sep 13, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.
CVE-2017-14402 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Sep 13, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/...Show more The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.Show less
CVE-2017-14401 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Sep 13, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section.
CVE-2017-14252 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Sep 11, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php.
CVE-2017-14247 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Sep 11, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.
CVE-2017-14119 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Sep 3, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a...Show more In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter.Show less
CVE-2017-14118 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Sep 3, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in th...Show more In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php.Show less
CVE-2017-13780 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Aug 30, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter.
CVE-2017-1000060 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Jul 17, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root
CVE-2017-6088 1Eyesofnetwork 1Eyesofnetwork May 13, 2026 Apr 11, 2017 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment paramete...Show more Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.Show less

Previous 12