Product

eyesofnetwork

40 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2022-41572
<= 5.3-11
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap
9.8 CRITICAL
CVE-2022-41434
all versions
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component
6.1 MEDIUM
CVE-2022-41433
all versions
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component
4.8 MEDIUM
CVE-2022-41432
all versions
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component
4.8 MEDIUM
CVE-2022-41571
<= 5.3-11
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur.
9.8 CRITICAL
CVE-2022-41570
<= 5.3-11
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur.
9.8 CRITICAL
CVE-2021-40643
< 2021-07-07
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location
9.8 CRITICAL
CVE-2022-24612
all versions
An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored
5.4 MEDIUM
CVE-2021-33525
<= 5.3-11
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagio
8.8 HIGH
CVE-2021-27514
all versions
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authe
9.8 CRITICAL
CVE-2021-27513
all versions
The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it reli
8.8 HIGH
CVE-2020-27887
>= 5.3 and <= 5.3-8
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the A
8.8 HIGH
CVE-2020-27886
>= 5.3-7 and <= 5.3-8
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowin
9.8 CRITICAL
CVE-2020-24390
< 5.3
eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-a
6.1 MEDIUM
CVE-2020-9465
>= 5.1 and < 5.3-3
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection
9.8 CRITICAL
CVE-2020-8656
all versions
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated a
9.8 CRITICAL
CVE-2020-8655
all versions
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing
7.8 HIGH
CVE-2020-8654
all versions
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery m
8.8 HIGH
CVE-2020-8657
all versions
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_funct
9.8 CRITICAL
CVE-2019-14923
all versions
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.
8.8 HIGH
CVE-2017-16000
all versions
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to ex
7.2 HIGH
CVE-2017-15933
all versions
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated admini
7.2 HIGH
CVE-2017-15880
all versions
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated admini
7.2 HIGH
CVE-2017-15188
all versions
A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administ
4.8 MEDIUM
CVE-2017-14985
all versions
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users t
5.4 MEDIUM
CVE-2017-14984
all versions
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users t
5.4 MEDIUM
CVE-2017-14983
all versions
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated adminis
4.8 MEDIUM
CVE-2017-14753
all versions
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users t
5.4 MEDIUM
CVE-2017-14405
all versions
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array
7.2 HIGH
CVE-2017-14404
all versions
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool varia
7.5 HIGH
CVE-2017-14403
all versions
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.
9.8 CRITICAL
CVE-2017-14402
all versions
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_u
9.8 CRITICAL
CVE-2017-14401
all versions
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_u
9.8 CRITICAL
CVE-2017-14252
all versions
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php.
9.8 CRITICAL
CVE-2017-14247
all versions
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue t
9.8 CRITICAL
CVE-2017-14119
all versions
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls,
8.8 HIGH
CVE-2017-14118
all versions
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls,
8.8 HIGH
CVE-2017-13780
all versions
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/a
7.5 HIGH
CVE-2017-1000060
all versions
EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root
9.8 CRITICAL
CVE-2017-6088
<= 5.0
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbi
7.2 HIGH
threatengine.sh