EyeOS <= 0.8.9 Command Execution Vulnerability Network Vulnerability

Summary

The remote system contains a PHP application that is prone to command execution flaws. Description : The remote system is running a vulnerable version of eyeOS. EyeOS is a web based operating system, wich makes it possible to access data and applications remote by using a web-browser. The installed version does not initialize user sessions properly, allowing unauthenticated attackers to execute arbitrary commands with the privileges of the webserver.

Solution

Upgrade to eyeOS version 0.8.10.

References

http://www.gulftech.org/?node=research&article_id=00096-02072006

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-0636

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Avenger's News System Command Execution
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
Atmail Multiple Unspecified Security Vulnerabilities.
ASP Inline Corporate Calendar SQL injection
ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities