Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eyesofnetwork vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2021-40643
EyesOfNetwork prior to 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any com...
Eyesofnetwork Eyesofnetwork
668
VMScore
CVE-2020-9465
An issue exists in EyesOfNetwork eonweb 5.1 up to and including 5.3 prior to 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated malicious user to perform various tasks such as authentication bypass via the user_id field in a cookie.
Eyesofnetwork Eyesofnetwork
1 Github repository
NA
CVE-2022-41570
An issue exists in EyesOfNetwork (EON) up to and including 5.3.11. Unauthenticated SQL injection can occur.
Eyesofnetwork Eyesofnetwork
NA
CVE-2022-41571
An issue exists in EyesOfNetwork (EON) up to and including 5.3.11. Local file inclusion can occur.
Eyesofnetwork Eyesofnetwork
905
VMScore
CVE-2017-6088
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and previous versions allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or th...
Eyesofnetwork Eyesofnetwork
1 EDB exploit
801
VMScore
CVE-2021-33525
EyesOfNetwork eonweb up to and including 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell.
Eyesofnetwork Eyesofnetwork
1 Github repository
801
VMScore
CVE-2020-27887
An issue exists in EyesOfNetwork 5.3 up to and including 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.
Eyesofnetwork Eyesofnetwork
668
VMScore
CVE-2020-27886
An issue exists in EyesOfNetwork eonweb 5.3-7 up to and including 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated malicious user to exploit the username_available function of the includes/functions.php file (which is called by login.php).
Eyesofnetwork Eyesofnetwork
383
VMScore
CVE-2020-24390
eonweb in EyesOfNetwork prior to 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording.
Eyesofnetwork Eyesofnetwork
312
VMScore
CVE-2017-14753
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.
Eyesofnetwork Eyesofnetwork 5.1-0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »