13 matches found
EyesOfNetwork - Hardcoded API Key & SQL Injection
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/apifunctions.php. id: CVE-2020-8656 info: name:...
EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution
EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655,...
SQL Injection Over HTTP Traffic (CVE-2020-11530; CVE-2020-17463; CVE-2020-17506; CVE-2020-25990; CVE-2020-27481; CVE-2020-5766; CVE-2020-8655; CVE-2020-8656; CVE-2020-9465)
SQL Injection Over HTTP Traffic...
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EyesOfNetwork AutoDiscovery Target Command Execution', 'Description' = %q This module exploits multiple vulnerabilities in EyesOfNetwork version...
EyesOfNetwork AutoDiscovery Target Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EyesOfNetwork AutoDiscovery Target Command Execution', 'Description' = %q This module exploits multiple vulnerabilities in EyesOfNetwork version...
CVE-2020-8656
creationtimestamp| type| source ---|---|--- 2020-03-02 21:31:51+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/eyesofnetworkautodiscoveryrce.rb 2020-03-05 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48169 2025-02-06...
Eyes Of Network (EON) <= 2.4.2 Multiple API Vulnerabilities
Eyes Of Network EON is prone to multiple vulnerabilities over the API. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
EyesOfNetwork 5.3 Remote Code Execution
Exploit Title: EyesOfNetwork 5.3 - Remote Code Execution Date: 2020-02-01 Exploit Author: Clément Billac Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 CVE : CVE-2020-8654, CVE-2020-8655, CVE-2020-8656...
CVE-2020-8656
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/apifunctions.php...
EyesOfNetwork 5.3 Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: EyesOfNetwork 5.3 - Remote Code Execution Exploit Author: Clément Billac Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 CVE :...
EyesOfNetwork 5.3 - Remote Code Execution
Exploit Title: EyesOfNetwork 5.3 - Remote Code Execution Date: 2020-02-01 Exploit Author: Clément Billac Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 CVE : CVE-2020-8654, CVE-2020-8655, CVE-2020-8656...
EyesOfNetwork 5.3 - Remote Code Execution
EyesOfNetwork 5.3 - Remote Code Execution Exploit Title: EyesOfNetwork 5.3 - Remote Code Execution Date: 2020-02-01 Exploit Author: Clément Billac Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 CVE :...
CVE-2020-8656
EyesOfNetwork 5.3 is affected by CVE-2020-8656 in the API (EyesOfNetwork API 2.4.2). The vulnerability is a SQL injection in getApiKey (username field) that can be exploited unauthenticated to bypass authentication and access the monitoring system. Related advisories cite high/severity impacts (C...