Security
| Title | Description | Localization | Parameter | Level | Status |
|---|---|---|---|---|---|
| RCE Cacti |
Remote Command Execution in cacti 06/07/2021 |
cacti |
input |
|
|
| XSS 2 |
XSS exploit in lilac 03/03/2021 |
export.php + autodiscovery.php |
input |
|
|
| RCE |
Remote Command Execution in lilac 03/03/2021 |
exporter/engines/nagios/NagiosExportEngine.php |
input |
|
|
| CVE-2021-27514 |
Flaw allowing elevation as administrator 23/02/2021 |
login.php |
sessid |
|
|
| CVE-2021-27513 |
Module allowing to add any type of files 23/02/2021 |
module/admin_itsm/function_itsm.php |
file |
|
|
| CVE-2020-27887 |
Command exploit in lilac 23/10/2020 |
autodiscovery.php |
nmap_binary |
|
|
| CVE-2020-27886 |
SQL exploit in eonweb 23/10/2020 |
includes/functions.php |
user_name |
|
|
| XSS 1 |
XSS exploit in eonweb 02/08/2020 |
module/module_frame/index.php |
url |
|
|
| CSRF 1 |
CSRF exploit in eonweb 02/08/2020 |
module/module_frame/index.php |
url |
|
|
| CVE-2020-9465 |
SQL exploit in eonweb 26/02/2020 |
eonweb/include/classes/Translator.class.php |
user_id |
|
|
| CVE-2020-8656 |
SQL exploit in eonapi 08/02/2020 |
include/api_functions.php |
getApiKey |
|
|
| CVE-2020-8655 |
Apache user can run arbitary commands as root 08/02/2020 |
Apache |
None |
|
|
| CVE-2020-8654 |
An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands 08/02/2020 |
Autodiscovrey |
;id # |
|
|