Every CVE whose affected-product data names Esi Products Webeoc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2005-2286 — CVSS 10.0 (critical): WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a…
CVE-2005-2284 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors.
CVE-2005-2285 — CVSS 5.0 (medium): WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote…
CVE-2005-4029 — CVSS 5.0 (medium): WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be…
CVE-2005-2282 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML…
CVE-2005-4002 — CVSS 4.0 (medium): WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC…
CVE-2005-2283 — CVSS 2.1 (low): WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of…