CVE-2019-3992
- EPSS 4.03%
- Veröffentlicht 17.12.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain ac...
CVE-2019-3993
- EPSS 11.61%
- Veröffentlicht 17.12.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request.
CVE-2019-3994
- EPSS 2.8%
- Veröffentlicht 17.12.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to...
CVE-2019-3995
- EPSS 7.96%
- Veröffentlicht 17.12.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request.
CVE-2019-3996
- EPSS 3.52%
- Veröffentlicht 17.12.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.
CVE-2016-6342
- EPSS 0.23%
- Veröffentlicht 27.06.2017 20:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
elog 3.1.1 allows remote attackers to post data as any username in the logbook.