49 matches found
EUVD-2020-20379
Malware in sbrugna...
EUVD-2020-17122
Malware in sbrugna...
EUVD-2017-5904
Malware in sbrugna...
CVE-2021-33525
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution by authenticated users via shell metacharacters in the nagiospath parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell...
CVE-2020-27886
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the usernameavailable function of the includes/functions.php file which is called by login.php...
CVE-2020-9465
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the userid field in a cookie...
CVE-2017-14119
In the EyesOfNetwork web interface aka eonweb 5.1-0, module\toolall\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter...
EyesOfNetwork eonweb Remote Command Execution Vulnerability
eonweb is the web interface for EyesOfNetwork. A remote command execution vulnerability exists in EyesOfNetwork eonweb version 5.3-11 and earlier. An attacker can exploit this vulnerability to execute commands via shell metacharacters in the nagiospath parameter of lilac/export.php...
CVE-2021-33525
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution by authenticated users via shell metacharacters in the nagiospath parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell...
EyesOfNetwork 操作系统命令注入漏洞
eonweb is the web interface for EyesOfNetwork. A remote command execution vulnerability exists in EyesOfNetwork eonweb version 5.3-11 and earlier. An attacker can exploit this vulnerability to execute commands via shell metacharacters in the nagiospath parameter of lilac/export.php...
EyesOfNetwork eonweb Arbitrary OS Command Execution Vulnerability
EyesOfNetwork "EON" is the open source and free IT monitoring solution that combines practical ITIL processes with a technical interface that allows its workday program. eonweb is the web interface for EyesOfNetwork. An arbitrary operating system command execution vulnerability exists in...
EyesOfNetwork eonweb SQL injection vulnerability (CNVD-2020-60479)
EyesOfNetwork "EON" is the open source and free IT monitoring solution that combines practical ITIL processes with a technical interface that allows its workday program. eonweb is the web interface for EyesOfNetwork. EyesOfNetwork eonweb 5.3-7 - 5.3-8 suffers from an SQL injection vulnerability...
CVE-2020-27886
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the usernameavailable function of the includes/functions.php file which is called by login.php...
CVE-2020-27886
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the usernameavailable function of the includes/functions.php file which is called by login.php...
Sql injection
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the usernameavailable function of the includes/functions.php file which is called by login.php...
CVE-2020-27886
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the usernameavailable function of the includes/functions.php file which is called by login.php...
CVE-2020-27886
The CVE-2020-27886 entry affects EyesOfNetwork eonweb versions 5.3-7 through 5.3-8. The underlying issue is an SQL injection in the username_available function (called by login.php), exploitable by an unauthenticated attacker via the web interface. The vulnerability is confirmed across multiple s...
EyesOfNetwork Cross-Site Scripting Vulnerability (CNVD-2020-49946)
EyesOfNetwork EON is an open source, free IT monitoring solution. The solution provides business process configuration tools, generates pop-up windows when events occur in the active queue, and more. eonweb is one of the web interfaces. A cross-site scripting vulnerability exists in EyesOfNetwork...
CVE-2020-24390
CVE-2020-24390 affects EyesOfNetwork’s web interface (eonweb), specifically pre-5.3-7 builds. The vulnerability is a lack of proper escaping of the username on the /module/admin_logs page, which can allow pre-authentication stored XSS in login/logout logs. Public sources confirm affected versions...
CVE-2020-9465
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the userid field in a cookie...