Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eyesofnetwork eyesofnetwork vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-41570
An issue exists in EyesOfNetwork (EON) up to and including 5.3.11. Unauthenticated SQL injection can occur.
Eyesofnetwork Eyesofnetwork
9.8
CVSSv3
CVE-2022-41571
An issue exists in EyesOfNetwork (EON) up to and including 5.3.11. Local file inclusion can occur.
Eyesofnetwork Eyesofnetwork
9.8
CVSSv3
CVE-2021-40643
EyesOfNetwork prior to 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any com...
Eyesofnetwork Eyesofnetwork
9.8
CVSSv3
CVE-2021-27514
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).
Eyesofnetwork Eyesofnetwork 5.3-10
2 Github repositories
9.8
CVSSv3
CVE-2020-27886
An issue exists in EyesOfNetwork eonweb 5.3-7 up to and including 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated malicious user to exploit the username_available function of the includes/functions.php file (which is called by login.php).
Eyesofnetwork Eyesofnetwork
9.8
CVSSv3
CVE-2020-9465
An issue exists in EyesOfNetwork eonweb 5.1 up to and including 5.3 prior to 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated malicious user to perform various tasks such as authentication bypass via the user_id field in a cookie.
Eyesofnetwork Eyesofnetwork
1 Github repository
9.8
CVSSv3
CVE-2020-8656
An issue exists in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated malicious user to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.
Eyesofnetwork Eyesofnetwork 5.3-0
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2020-8657
An issue exists in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an malicious user to calculate/guess the admin access token.
Eyesofnetwork Eyesofnetwork 5.3-0
1 EDB exploit
9.8
CVSSv3
CVE-2017-14402
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.
Eyesofnetwork Eyesofnetwork 5.1-0
9.8
CVSSv3
CVE-2017-14403
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.
Eyesofnetwork Eyesofnetwork 5.1-0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »