MidnightBSD

Advisories for eyeos_project

CVE-2005-3413 MEDIUM

Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the motd parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eyeos_project eyeos 0.8.4
CVE-2005-3414 HIGH

eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eyeos_project eyeos 0.8.4
CVE-2006-0636 HIGH

desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eyeos_project eyeos 0.8.3
eyeos_project eyeos 0.8.4_r1
eyeos_project eyeos 0.8.7
eyeos_project eyeos 0.8.2
eyeos_project eyeos 0.8.6
eyeos_project eyeos 0.8.2_r2
eyeos_project eyeos 0.8.5
eyeos_project eyeos 0.8.4
eyeos_project eyeos 0.8.1
eyeos_project eyeos 0.8.3_r2
eyeos_project eyeos 0.8.5_r1
eyeos_project eyeos 0.8.8
eyeos_project eyeos 0.8.1_r1
eyeos_project eyeos 0.8.3_r1
eyeos_project eyeos 0.8.9
eyeos_project eyeos 0.8.2_r3
eyeos_project eyeos 0.8
eyeos_project eyeos 0.8.2_r1