Show filters
52 Total Results
Displaying 31-40 of 52
Sort by:
Attacker Value
Unknown

CVE-2017-14404

Disclosure Date: September 13, 2017 (last updated November 26, 2024)
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring.
0
0
Attacker Value
Unknown

CVE-2017-14402

Disclosure Date: September 13, 2017 (last updated November 26, 2024)
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.
0
0
Attacker Value
Unknown

CVE-2017-14403

Disclosure Date: September 13, 2017 (last updated November 26, 2024)
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.
0
0
Attacker Value
Unknown

CVE-2017-14401

Disclosure Date: September 13, 2017 (last updated November 26, 2024)
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section.
0
0
Attacker Value
Unknown

CVE-2017-14405

Disclosure Date: September 13, 2017 (last updated November 26, 2024)
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php.
0
0
Attacker Value
Unknown

CVE-2017-14252

Disclosure Date: September 11, 2017 (last updated November 26, 2024)
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php.
0
0
Attacker Value
Unknown

CVE-2017-14247

Disclosure Date: September 11, 2017 (last updated November 26, 2024)
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.
0
0
Attacker Value
Unknown

CVE-2017-14118

Disclosure Date: September 03, 2017 (last updated November 26, 2024)
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php.
0
0
Attacker Value
Unknown

CVE-2017-14119

Disclosure Date: September 03, 2017 (last updated November 26, 2024)
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter.
0
0
Attacker Value
Unknown

CVE-2017-13780

Disclosure Date: August 30, 2017 (last updated November 26, 2024)
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter.
0
0
View More Topics  < Previous  Next >