7 matches found
CVE-2021-27513
The module adminITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."...
CVE-2020-27887
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmapbinary parameter to lilac/autodiscovery.php...
CVE-2020-8655
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assess...
EyesOfNetwork 5.3 Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: EyesOfNetwork 5.3 - Remote Code Execution Exploit Author: Clément Billac Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 CVE :...
CVE-2020-8655
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7...
Hardcoded credentials
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key hardcoded as EONAPIKEY in include/apifunctions.php for API version 2.4.2 by default for all installations, hence allowing an attacker to calculate/guess the admin access token...
CVE-2020-8657
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key hardcoded as EONAPIKEY in include/apifunctions.php for API version 2.4.2 by default for all installations, hence allowing an attacker to calculate/guess the admin access token. Recent assessments: Assessed Attack...