Stefan Ritt

Elog Web Logbook

13 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.32%
  • Published 11.09.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack vectors when the "logbook contains HTML code," probably cross-site scripting (XSS).

Exploit
  • EPSS 3.63%
  • Published 28.12.2006 20:28:00
  • Last modified 09.04.2025 00:30:58

The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer derefere...

  • EPSS 3.04%
  • Published 07.11.2006 23:07:00
  • Last modified 09.04.2025 00:30:58

Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifie...

  • EPSS 0.56%
  • Published 07.11.2006 23:07:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_dire...

  • EPSS 1.41%
  • Published 28.09.2006 00:07:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode.

  • EPSS 0.94%
  • Published 13.02.2006 11:06:00
  • Last modified 03.04.2025 01:03:51

Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes".

  • EPSS 1.41%
  • Published 13.02.2006 11:06:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file.

  • EPSS 0.65%
  • Published 13.02.2006 11:06:00
  • Last modified 03.04.2025 01:03:51

The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames.

  • EPSS 1.27%
  • Published 13.02.2006 11:06:00
  • Last modified 03.04.2025 01:03:51

elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request.

  • EPSS 0.97%
  • Published 21.01.2006 01:03:00
  • Last modified 03.04.2025 01:03:51

Directory traversal vulnerability in ELOG before 2.6.1 allows remote attackers to access arbitrary files outside of the elog directory via "../" (dot dot) sequences in the URL.