Eyeos Project » Eyeos : Security Vulnerabilities, CVEs, Published In 2006
Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php.
Max CVSS
4.3
EPSS Score
0.50%
Published
2006-09-28
Updated
2017-07-20
desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable.
Max CVSS
7.5
EPSS Score
2.23%
Published
2006-02-10
Updated
2018-10-19
2 vulnerabilities found